CVE-2024-20347

CWE-352Cross-Site Request Forgery (CSRF)CWE-234 documents4 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 62.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Emergency ResponderCisco Cisco Emergency Responder
Timeline
PublishedApr 3

Description

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDcisco/emergency_responder< 12.5(1)su8b+5

🔴Vulnerability Details

2
GHSA
GHSA-2vqq-3rpw-85f7: A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker2024-04-03
CVEList
CVE-2024-20347: A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker2024-04-03

📋Vendor Advisories

1
Cisco
Cisco Emergency Responder Cross-Site Request Forgery and Directory Traversal Vulnerabilities2024-04-03
CVE-2024-20347 (MEDIUM CVSS 6.5) | A vulnerability in Cisco Emergency | cvebase.io