HC3 TLP Clear: Sector Alert - Critical Vulnerability in Cisco Emergency Responder Platform, October 6, 2023

Executive Summary

Cisco recently released an update which fixes a critical vulnerability in their Emergency Responder communications platform, a system that is utilized in the health sector. Exploitation of this vulnerability allows for a cyberattacker to completely compromise a vulnerable system, and then utilize it for further cyberattacks across an enterprise network. HC3 recommends healthcare organizations identify vulnerable systems in their infrastructure and prioritize the implementation of this update.

Report

This report summarizes Cisco’s Unified Communications platform, Cisco’s Emergency Responder platform and a critical vulnerability in Emergency Responder, which can allow for full compromise of a victim system. HHS recommends prioritizing the mitigation of this vulnerability (specific instructions below). HHS also recommends the operation and maintenance of an enterprise vulnerability management program for all organizations, whether conducted in-house or outsourced, or an implementation of both for a hybrid approach. Report This report summarizes Cisco’s Unified Communications platform, Cisco’s Emergency Responder platform and a crtitical vulnerability in Emergency Responder, which can allow for full compromise of a victim system. HHS recommends prioritizing the mitigation of this vulnerability (specific instructions below). HHS also recommends the operation and maintenance of an enterprise vulnerability management program for all organizations, whether conducted in-house or outsourced, or an implementation of both for a hybrid approach.

View the details below.