Cisco Emergency Responder vulnerabilities
25 known vulnerabilities affecting cisco/emergency_responder.
Total CVEs: 25
CISA KEV: 1 (actively exploited)
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 4, HIGH 5, MEDIUM 16
Vulnerabilities
Page 1 of 2
CVE-2024-20352 | HIGH | CVSS 8.8 | fixed in 12.5(1)su8b; v14; +4 more | 2024-04-03
CVE-2024-20352 [MEDIUM] CWE-23
A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability
nvd
CVE-2024-20347 | MEDIUM | CVSS 6.5 | fixed in 12.5(1)su8b; v14; +4 more | 2024-04-03
CVE-2024-20347 [MEDIUM] CWE-352
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by persuadin
nvd
CVE-2023-20101 | CRITICAL | CVSS 9.8 | v12.5(1)su4 | 2023-10-04
CVE-2023-20101 [CRITICAL] CWE-798
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted.
This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use du
nvd
CVE-2023-20259 | HIGH | CVSS 7.5 | v14su3 | 2023-10-04
CVE-2023-20259 [HIGH] CWE-400
A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operati
nvd
CVE-2023-20266 | HIGH | CVSS 7.2 | v12.5.1su4; v12.5.1su8a; +1 more | 2023-08-30
CVE-2023-20266 [MEDIUM] CWE-347
A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected device.
This vulnerability exists because the applicat
nvd
CVE-2021-44228 | CRITICAL | CVSS 10.0 | KEV | PoC | fixed in 11.5(4); v11.5; +2 more | 2021-12-10
CVE-2021-44228 [CRITICAL] CWE-20
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LD
nvd
CVE-2021-1226 | MEDIUM | CVSS 6.5 | ≥ 12.5(1), < 12.5(1)su3; v10.5(2); +2 more | 2021-01-13
CVE-2021-1226 [MEDIUM] CWE-532
A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sen
nvd
CVE-2019-16025 | MEDIUM | CVSS 4.8 | ≤ 12.5_su1 | 2020-09-23
CVE-2019-16025 [MEDIUM] CWE-79
A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of some parameters that are passed to the web server of the affected software. An attac
nvd
CVE-2018-15403 | MEDIUM | CVSS 5.4 | v11.5(4.59000.1); v12.0(1.40000.3); +1 more | 2018-10-05
CVE-2018-15403 [MEDIUM] CWE-601
A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the paramete
nvd
CVE-2017-6779 | HIGH | CVSS 7.5 | ≥ 10.5, < 10.5(1a); ≥ 11.0, < 11.5(4); +2 more | 2018-06-07
CVE-2017-6779 [HIGH] CWE-399
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maxi
nvd
CVE-2016-6468 | HIGH | CVSS 8.8 | v11.5(1.10000.4) | 2016-12-14
CVE-2016-6468 [HIGH] CWE-352
A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvb06663. Known Affected Releases: 11.5(1.10000.4). Known Fixed Releases: 12.0(0.98000.14).
nvd
CVE-2016-9208 | MEDIUM | CVSS 6.5 | v11.5(2.10000.5) | 2016-12-14
CVE-2016-9208 [MEDIUM] CWE-22
A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5
nvd
CVE-2015-6407 | MEDIUM | CVSS 4.0 | v10.5(3.10000.9) | 2015-12-13
CVE-2015-6407 [MEDIUM] CWE-20
Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501.
nvd
CVE-2015-6406 | MEDIUM | CVSS 4.0 | v10.5(1.10000.5) | 2015-12-13
CVE-2015-6406 [MEDIUM] CWE-22
Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781.
nvd
CVE-2015-6400 | MEDIUM | CVSS 4.3 | v10.5(1a) | 2015-12-13
CVE-2015-6400 [MEDIUM] CWE-79
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547.
nvd
CVE-2015-6405 | MEDIUM | CVSS 6.8 | v10.5(1a) | 2015-12-13
CVE-2015-6405 [MEDIUM] CWE-352
Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501.
nvd
CVE-2014-2116 | MEDIUM | CVSS 4.3 | ≤ 8.6 | 2014-04-04
CVE-2014-2116 [MEDIUM] CWE-20
Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882.
nvd
CVE-2014-2114 | MEDIUM | CVSS 4.3 | ≤ 8.6 | 2014-04-04
CVE-2014-2114 [MEDIUM] CWE-79
Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384.
nvd
CVE-2014-2117 | MEDIUM | CVSS 4.3 | ≤ 8.6 | 2014-04-04
CVE-2014-2117 [MEDIUM] CWE-20
Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters, aka Bug ID CSCun37909.
nvd
CVE-2014-2115 | MEDIUM | CVSS 6.8 | ≤ 8.6 | 2014-04-04
CVE-2014-2115 [MEDIUM] CWE-352
Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250.
nvd