CVE-2024-20352

CWE-23CWE-22Path TraversalCWE-352Cross-Site Request Forgery (CSRF)4 documents4 sources
Severity
8.8HIGH
EPSS
0.3%
top 49.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Emergency ResponderCisco Cisco Emergency Responder
Timeline
PublishedApr 3

Description

A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by sending crafted requests to the web UI. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of th

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

NVDcisco/emergency_responder< 12.5(1)su8b+5
CVEListV5cisco/cisco_emergency_responder35 versions+34

🔴Vulnerability Details

2
GHSA
GHSA-4pgp-hx9q-53rp: A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack, which could allow2024-04-03
CVEList
CVE-2024-20352: A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack, which could allow2024-04-03

📋Vendor Advisories

1
Cisco
Cisco Emergency Responder Cross-Site Request Forgery and Directory Traversal Vulnerabilities2024-04-03
CVE-2024-20352 (HIGH CVSS 8.8) | A vulnerability in Cisco Emergency | cvebase.io