Is CVE-2023-20101 actively exploited?

CVE-2023-20101 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2023-20101?

CVE-2023-20101 has a CVSS score of 9.8 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2023-20101?

Patch guidance is available from cisco security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2023-20101.

Which products are affected by CVE-2023-20101?

1 product: cisco emergency responder.

Fix CVE-2023-20101 - CRITICAL cisco emergency responder

Description

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-798 · Hard-coded Credentials CWE-798 · Hard-coded Credentials

Metadata

Primary Vendor: CISCO
Published: 10/4/2023
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

cisco : emergency_responder

Remediation Guidance

Executive Summary

Cite this page

CVE-2023-20101. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2023-20101

View on NIST NVD

CVE-2023-20101 vulnerability