Cisco has released updates to address a critical security flaw in Emergency Responder that allows unauthenticated, remote attackers to log in to vulnerable systems using hard-coded credentials.
The vulnerability, tracked as CVE-2023-20101 (CVSS score: 9.8), stems from the presence of static user credentials for the root account that the company said are typically reserved for use during development.
“An attacker could exploit this vulnerability by using the account to log in to an affected system,” Cisco said in an advisory. “A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.”
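To make the weakness class concrete, the following is an added illustration (not Cisco code, and not the mechanism of the actual Emergency Responder flaw, whose internals the advisory does not describe). It contrasts a login routine that honours a static development credential baked into the code with one that only accepts per-installation credentials stored as salted hashes. The account name, the placeholder password and the scrypt parameters are constructed for the example.

```python
"""Hard-coded development credentials (CWE-798) beside a hardened login check.

Added illustration only. Nothing here is taken from Cisco Emergency Responder;
DEV_ROOT_PASSWORD and the sample accounts are constructed for the example.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# --- Vulnerable pattern --------------------------------------------------------
# A static root credential left over from development. Anyone who extracts it
# from the image or source has a working root login on every installed system,
# independent of whatever the administrator configured.
DEV_ROOT_PASSWORD = "dev-only-root-pw"  # constructed placeholder for a baked-in secret


def authenticate_vulnerable(username: str, password: str,
                            user_db: Dict[str, str]) -> bool:
    """Accepts the static development credential regardless of user_db.

    user_db maps account name -> plaintext password (itself a bad practice,
    kept here only to show the back door in isolation).
    """
    if username == "root" and password == DEV_ROOT_PASSWORD:
        return True  # the back door: no per-installation secret involved
    entry = user_db.get(username)
    return entry is not None and password == entry


# --- Hardened pattern ----------------------------------------------------------
# No credential lives in the code. Every account, root included, stores a
# random salt and an scrypt hash that is set at install time, and the
# comparison is constant-time so the check does not leak via timing.

def hash_password(password: str,
                  salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, scrypt_digest); a fresh 16-byte salt is drawn if none given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=2 ** 14, r=8, p=1)
    return salt, digest


def authenticate_hardened(username: str, password: str,
                          user_db: Dict[str, Tuple[bytes, bytes]]) -> bool:
    """Verify against stored (salt, digest) only; unknown accounts always fail."""
    entry = user_db.get(username)
    if entry is None:
        return False
    salt, stored = entry
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed demonstration: an appliance whose admin never created a
    # root password. The vulnerable check still lets the baked-in one through.
    print("vulnerable, empty db, dev password:",
          authenticate_vulnerable("root", DEV_ROOT_PASSWORD, {}))   # True
    print("hardened,   empty db, dev password:",
          authenticate_hardened("root", DEV_ROOT_PASSWORD, {}))     # False
    db = {"root": hash_password("set-at-install")}
    print("hardened,   install-time password:",
          authenticate_hardened("root", "set-at-install", db))     # True
```

The point of the contrast is that the hardened path has no credential to leak: an attacker who obtains the image gains nothing, because every secret it needs was generated on the target at install time.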
The issue affects Cisco Emergency Responder Release 12.5(1)SU4 and has been addressed in version 12.5(1)SU5. Other releases of the product are not affected.
The networking equipment giant said it discovered the problem during internal security testing and that it is not aware of any malicious use of the vulnerability in the wild.
The disclosure comes less than a week after Cisco warned of attempted exploitation of a security flaw in its IOS Software and IOS XE Software (CVE-2023-20109, CVSS score: 6.6) that could allow an authenticated remote attacker to achieve remote code execution on affected systems.
There are no workarounds for this vulnerability, and because it requires no authentication, customers running the affected release are advised to update to the fixed version to mitigate potential threats.
Some parts of this article are sourced from:
thehackernews.com