Cisco has released security updates to address critical vulnerabilities in its software [3] [6]. These vulnerabilities pose a significant risk to affected devices and can potentially be exploited by attackers.
Description
Cisco has identified a critical vulnerability (CVE-2023-20101) in its Emergency Responder software. This flaw allows unauthenticated [3], remote attackers to log into affected devices using hard-coded root credentials [1]. By exploiting this vulnerability [1] [5] [7], attackers can execute arbitrary commands with root privileges [2] [3] [4]. The severity of this vulnerability [8], rated 9.8 out of 10 by Cisco, highlights the urgency of applying the necessary patches.
In addition to this vulnerability, Cisco has also urged customers to patch a zero-day vulnerability (CVE-2023-20109) that is actively targeted by attackers [3]. Furthermore, ransomware groups have been exploiting another zero-day vulnerability (CVE-2023-20269) impacting Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) [3]. It is important to note that law enforcement and cybersecurity agencies have warned about Chinese hackers utilizing backdoors in network devices for network breaches [3]. However, there have been no reports of malicious use of the vulnerability in the wild.
To enhance security and mitigate these risks, it is recommended to establish and maintain a vulnerability management process [5]. This includes performing automated application patch management and conducting automated vulnerability scans of internal enterprise assets [5]. The Principle of Least Privilege should also be applied by managing default accounts on enterprise assets and software [5], restricting administrator privileges to dedicated accounts [5], and running all software as a non-privileged user [5]. Application control and script blocking can help block code execution on the system. Additionally, implementing technical controls such as application allowlisting [5], allowlisting authorized libraries [5], and allowlisting authorized scripts ensures that only authorized software, libraries [5], and scripts are allowed to execute [5]. Regular reassessment of these controls is advised [5].
Conclusion
The identified vulnerabilities in Cisco software pose significant risks to affected devices. Promptly applying the necessary patches and implementing recommended security measures is crucial to prevent unauthorized access and malicious actions. It is important for administrators to stay vigilant and stay updated with the latest security advisories from Cisco to protect their network infrastructure.
References
[1] https://www.tenable.com/cve/CVE-2023-20101
[2] https://thehackernews.com/2023/10/cisco-releases-urgent-patch-to-fix.html
[3] https://cybermaterial.com/cisco-fixes-root-credentials-flaw/
[4] https://www.redpacketsecurity.com/cisco-releases-urgent-patch-to-fix-critical-flaw-in-emergency-responder-systems/
[5] https://www.cisecurity.org/advisory/a-vulnerability-in-cisco-emergency-responder-could-allow-for-arbitrary-code-execution_2023-114
[6] https://vulnera.com/newswire/cisco-addresses-critical-security-flaw-in-emergency-responder/
[7] https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cer-priv-esc-B9t3hqk9?cve=title
[8] https://cyber.vumetric.com/security-news/2023/10/05/cisco-releases-urgent-patch-to-fix-critical-flaw-in-emergency-responder-systems/