CVE-2023-20101 (CNNVD-202310-284)
中文标题:
Cisco Emergency Responder 信任管理问题漏洞
英文标题:
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log ...
漏洞描述
中文描述:
Cisco Emergency Responder是美国思科(Cisco)公司的一款应急响应框架。 Cisco Emergency Responder 12.5(1)SU4版本存在信任管理问题漏洞,该漏洞源于root 帐户存在静态用户凭据,这些凭据通常在开发期间使用,攻击者利用该漏洞可能登录受影响的系统并以root用户身份执行任意命令。
英文描述:
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Emergency Responder | 12.5(1)SU4 | - | - |
cpe:2.3:a:cisco:cisco_emergency_responder:12.5(1)su4:*:*:*:*:*:*:*
|
| cisco | emergency_responder | 12.5\(1\)su4 | - | - |
cpe:2.3:a:cisco:emergency_responder:12.5\(1\)su4:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.1 (cna)
CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2023-20101 |
2025-11-11 15:21:47 | 2025-11-11 07:38:02 |
| NVD | nvd_CVE-2023-20101 |
2025-11-11 14:59:10 | 2025-11-11 07:46:12 |
| CNNVD | cnnvd_CNNVD-202310-284 |
2025-11-11 15:11:19 | 2025-11-11 07:58:16 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 信任管理问题
- cnnvd_id: 未提取 -> CNNVD-202310-284
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']