Advisory No: TZCERT/SA/2023/10/5

Date of First Release: 5^th October 2023

Source: CISCO

Software Affected:  Cisco Emergency Responder

Overview:

A vulnerability affecting Cisco Emergency Responder has been disclosed. This vulnerability may lead to arbitrary code execution in the context of privileged user.

Description:

Cisco Emergency Responder has the static user credentials for the root account that is reserved for use during development. This default account with static credentials that cannot be changed or deleted is vulnerable. It allows the attacker to log in to the affected system and execute arbitrary commands as root user.

Impact:

Successful exploitation of this vulnerability may allow the attacker to take control of affected system.

Solution:

Cisco has released a patch for this vulnerability. Users and administrators are encouraged to apply all necessary updates.

References:

1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cer-priv-esc-B9t3hqk9

SUSE has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.

Users and administrators are encouraged to review SUSE Security Advisories suse-su-20233975-1, suse-su-20233981-1, suse-su-20233984-1, suse-su-20233969-1, suse-su-20233966-1, suse-su-20233957-1 and suse-su-20233963-1 and apply necessary updates.

Ubuntu has released security updates to address vulnerabilities in Linux kernel, Django, gnu, exim and freerdp. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.

Users and administrators are encouraged to review Ubuntu Security Advisories USN-6416-1, USN-6414-2, USN-6413-1, USN-6411-1 and USN-6401-1 and apply necessary updates.

Apple has released security updates to address vulnerabilities in iOS and iPadOS. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.

Users and administrators are encouraged to review Apple Security Advisory and apply necessary updates.

Dell has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.

Users and administrators are encouraged to review Dell Security Advisories dsa-2023-305, dsa-2023-321, dsa-2023-328 and dsa-2023-331 and apply necessary updates.