Introduction: Why Your 911 Calls Could Have Been at Risk
What if the emergency services you rely on were at risk of being compromised? Cisco has recently patched a critical vulnerability, labeled CVE-2023-20101, in a product used by emergency services in the United States and Canada. This flaw could have allowed unauthorized attackers to gain root-level access to the system that routes 911 calls and identifies the caller’s location.
What is Cisco Emergency Responder?
Cisco Emergency Responder [1] is designed to work in tandem with Cisco Unified Communications Manager and other VoIP solutions. The primary function of this system is to route emergency calls to the appropriate local dispatch center. Additionally, it keeps logs of emergency calls and determines the location of the caller.
The Vulnerability Explained
The security flaw involved a hardcoded password for the root account, and that password could not be changed or removed. Generally, hardcoded login details like these are used during the development stage. This vulnerability was deemed critical, scoring 9.8 out of 10 on the CVSS severity scale.
Why It’s a Big Deal
Having a hardcoded password for root access is akin to leaving the keys to your home under the doormat. Any attacker who knew of this password could gain root-level access to a vulnerable system. Given that this technology is used for routing emergency calls, the potential repercussions could be life-threatening.
What Cisco Recommends
Cisco has urged organizations to install the newly released update to address this issue. Importantly, no workarounds are available, making the update crucial for ensuring the security of emergency call systems.
If you are responsible for a system that uses Cisco Emergency Responder, now is the time to update. Failure to do so could put not just your organization, but also countless lives, at risk.
[1] https://www.cisco.com/c/en/us/support/docs/voice-unified-communications/emergency-responder/116058-cisco-emergency-responder-00.html