The National Institute of Standards and Technology (NIST) has recently released information about a critical vulnerability related to the Cisco emergency responder data sheet. The Cisco emergency responder enhances existing 9-1-1 functionality offered by the Cisco Unified Communications Manager. The Cisco emergency responder data sheet assures that the Cisco Unified Communications Manager will send emergency calls to the appropriate emergency communications center (ECC) for the caller's location, and the ECC can identify the caller's location and return the call if necessary.
This identified critical vulnerability could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to static user credentials for the root account that are typically reserved for use during development. ECCs are encouraged to work with their vendors to ensure appropriate software has been updated. There are no current workarounds. More information about this critical vulnerability can be found online.