1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Cisco releases urgent patch for flaw that could let hackers acces

    From TechnologyDaily@1337:1/100 to All on Fri Oct 6 17:30:04 2023
    Cisco releases urgent patch for flaw that could let hackers access Emergency Response Systems

    Date:
    Fri, 06 Oct 2023 17:16:06 +0000

    Description:
    Cisco's ERS was carrying a rather worrying security flaw that could have allowed hackers access.

    FULL STORY ======================================================================

    Cisco Emergency Responder (CER), the companys emergency communication system used to respond to crises in a timely manner, had hardcoded credentials, allowing hackers with knowledge of this fact easy access to the systems.

    The news was confirmed by the company itself, which recently released a new patch to address the problem.

    The vulnerability is tracked as CVE-2023-20101 and comes with a severity
    score of 9.8. "An attacker could exploit this vulnerability by using the account to log in to an affected system," Cisco said in an advisory. "A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user." Hardcoded credentials

    Hardcoded login credentials arent exactly a new thing. Developers sometimes use them to make logging in easier during development. The problem is when
    the devs forget to remove them before shipping the product out.

    The flaw is found in Cisco Emergency Responder 12.5(1)SU4, and those who use it should make sure they bring the software up to version 12.5(1)SU5. Other releases were not vulnerable, it was said.

    The good news is that Cisco is under the impression that no one managed to abuse the flaw yet. The company discovered it during internal security
    testing and has no reason to believe someone beat it to the punch.

    However, now that the cat is out of the bag, its safe to assume that
    different threat actor groups will try and abuse the flaw. That is why
    keeping software up-to-date is one of the most important cybersecurity practices today. Most of cyberattacks and hacks these days are not done through zero-days (flaws for which the developers had zero days to fix), but rather old vulnerabilities that software users never got to patch.

    Having endpoint protection solutions, as well as firewalls, installed,
    wouldnt hurt, either. More from TechRadar Pro Microsoft confirms Azure
    attacks using breached SQL servers Here's a list of the best firewalls today These are the best endpoint protection services around



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/cisco-releases-urgent-patch-for-flaw-th at-could-let-hackers-access-emergency-response-systems


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)