Cisco Fixes Critical Security Flaw in Emergency Responder Service

Estimated read time 2 min read

Introduction: Why Your 911 Calls Could Have Been at Risk

What if the emergency services you rely on were at risk of being compromised? Cisco has recently patched a critical vulnerability, labeled CVE-2023-20101, in a product used by emergency services in the United States and Canada. This flaw could have allowed unauthorized attackers to gain root-level access to the system that routes 911 calls and identifies the caller’s location.

What is Cisco Emergency Responder?

Cisco Emergency Responder1 is designed to work in tandem with Cisco Unified Communications Manager and other VOIP solutions. The primary function of this system is to route emergency calls to the appropriate local dispatch center. Additionally, it keeps logs of emergency calls and determines the location of the caller.

The Vulnerability Explained

The security flaw involved a hardcoded password for a root account that could not be altered or removed. Generally, hardcoded login details like these are used during the development stage. This vulnerability was deemed critical, scoring a 9.8 out of 10 on the impact scale.

Why It’s a Big Deal

Having a hardcoded password for root access is akin to leaving the keys to your home under the doormat. Any attacker who knew of this password could gain root-level access to a vulnerable system. Given that this technology is used for routing emergency calls, the potential repercussions could be life-threatening.

What Cisco Recommends

Cisco has urged organizations to install the newly released update to address this issue. Importantly, no workarounds are available, making the update crucial for ensuring the security of emergency call systems.

If you are responsible for a system that uses Cisco Emergency Responder, now is the time to update. Failure to do so could put not just your organization, but also countless lives, at risk.

  1. ↩︎
Reza Rafati

Reza Rafati, based in the Netherlands, is the founder of An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolster digital defenses and promote cyber awareness.

You May Also Like

More From Author

+ There are no comments

Add yours