CVE-2023-20101
PUBLISHED
CVSS 9.8 CRITICAL
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.
EPSS 0.71% · 72.8th percentile
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.71%
72.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | emergency_responder | * |
| Cisco | Cisco Emergency Responder | 12.5(1)SU4 |
Exploit Intelligence
- cisco-sa-cer-priv-esc-B9t3hqk9 (circl)
Timeline
- Oct 4, 2023 CVE Published
- Oct 5, 2023 EPSS Score
- Nov 6, 2023 EPSS Score
- Dec 7, 2023 EPSS Score
- Jan 8, 2024 EPSS Score
- Mar 11, 2024 EPSS Score
- Apr 12, 2024 EPSS Score
- May 14, 2024 EPSS Score
- Jun 14, 2024 EPSS Score
- Jul 16, 2024 EPSS Score
- Aug 17, 2024 EPSS Score
- Sep 17, 2024 EPSS Score
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT advisory
- cisco-sa-cer-priv-esc-B9t3hqk9 url
- https://nvd.nist.gov/vuln/detail/CVE-2023-20101 advisory