Lucene search

CiscoCISCO-SA-CEM-CSRF-SUCMNJFR

HistoryApr 03, 2024 - 4:00 p.m.

Cisco Emergency Responder Cross-Site Request Forgery and Directory Traversal Vulnerabilities

2024-04-0316:00:00

tools.cisco.com

cisco

emergency responder

cross-site request forgery

directory traversal

vulnerabilities

attack

device

software updates

advisory

security center

details section

arbitrary actions

workarounds

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Multiple vulnerabilities in Cisco Emergency Responder could allow an attacker to conduct a cross-site request forgery (CSRF) or directory traversal attack, which could allow the attacker to perform arbitrary actions on an affected device.

For more information about these vulnerabilities, see the Details [“#details”] section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cem-csrf-suCmNjFr [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cem-csrf-suCmNjFr”]

Affected configurations

Vulners

Node

ciscoemergency_responderMatchany

CPENameOperatorVersion
cisco emergency respondereqany
cisco emergency respondereqany

CPE	Name	Operator	Version
	cisco emergency responder	eq	any
	cisco emergency responder	eq	any

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cem-csrf-suCmNjFr