Cisco has launched updates to deal with a critical security flaw impacting Crisis Responder that makes it possible for unauthenticated, distant attackers to sign into prone devices applying tough-coded qualifications.
The vulnerability, tracked as CVE-2023-20101 (CVSS rating: 9.8), is due to the presence of static person credentials for the root account that the corporation mentioned is commonly reserved for use throughout advancement.
“An attacker could exploit this vulnerability by utilizing the account to log in to an afflicted method,” Cisco explained in an advisory. “A effective exploit could allow for the attacker to log in to the affected system and execute arbitrary commands as the root user.”
The issue impacts Cisco Unexpected emergency Responder Release 12.5(1)SU4 and has been addressed in edition 12.5(1)SU5. Other releases of the solution are not impacted.
The networking products big reported it found the dilemma through inside security testing and that it can be not knowledgeable of any destructive use of the vulnerability in the wild.
The disclosure comes much less than a week following Cisco warned of tried exploitation of a security flaw in its IOS Software package and IOS XE Software (CVE-2023-20109, CVSS score: 6.6) that could allow an authenticated remote attacker to attain remote code execution on affected methods.
In the absence of momentary workarounds, prospects are advised to update to the most recent model to mitigate opportunity threats.
Uncovered this article intriguing? Adhere to us on Twitter and LinkedIn to browse additional exclusive content material we submit.
Some components of this article are sourced from: