CVSS3: 4.9 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
AI Score: 7.9 High (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 9.0%)
According to its self-reported version, Cisco Emergency Responder is affected by multiple vulnerabilities.
A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by sending crafted requests to the web UI. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as accessing password or log files or uploading and deleting existing files from the system. (CVE-2024-20352)
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as deleting users from the device. (CVE-2024-20347)
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(193039);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/09");

  script_cve_id("CVE-2024-20347", "CVE-2024-20352");
  script_xref(name:"IAVA", value:"2024-A-0197");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwf41263");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwf41347");
  script_xref(name:"CISCO-SA", value:"cisco-sa-cem-csrf-suCmNjFr");

  script_name(english:"Cisco Emergency Responder Multiple Vulnerabilities (cisco-sa-cem-csrf-suCmNjFr)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Emergency Responder is affected by multiple vulnerabilities.

  - A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a
    directory traversal attack, which could allow the attacker to perform arbitrary actions on an affected
    device. This vulnerability is due to insufficient protections for the web UI of an affected system. An
    attacker could exploit this vulnerability by sending crafted requests to the web UI. A successful exploit
    could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such
    as accessing password or log files or uploading and deleting existing files from the system.
    (CVE-2024-20352)

  - A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a
    CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This
    vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could
    exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow
    the attacker to perform arbitrary actions with the privilege level of the affected user, such as deleting
    users from the device. (CVE-2024-20347)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cem-csrf-suCmNjFr
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7d4bc131");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf41263");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf41347");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwf41263, CSCwf41347");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:M/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20352");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(23, 352);

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/04/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/09");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:emergency_responder");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  exit(0);
}

include('vcf_extras.inc');

var app_info = vcf::get_app_info(app:'Cisco Emergency Responder (CER)');

var constraints = [
  # https://software.cisco.com/download/home/286322260/type/282074227/release/12.5(1)SU8
  {'fixed_version': '12.5.1.27900.8'},
  # 14SU4 to be released in 05/2024, fixed ver used here is 14SU3a incremented by .1
  # https://software.cisco.com/download/home/286328120/type/282074227/release/14SU3a
  {'min_version': '14.0', 'fixed_version': '14.0.1.13901.2'}
];

vcf::cisco_cer::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
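The plugin flags a host purely on the self-reported version against the two constraints above. As an added illustration (not Tenable's vcf library, whose exact matching rules are assumed here to be "at or above min_version, below fixed_version"), the check below re-implements that logic in Python on constructed sample versions, including the 14.x threshold, which the plugin comment explains is 14SU3a plus .1, so the 14SU3a build itself is reported as affected.

```python
"""Added example: standalone re-implementation of the plugin's version-constraint
check for Cisco Emergency Responder.  Not Tenable code; vcf semantics are assumed."""
from typing import Optional

# Constraint list copied from the plugin.  Assumed semantics: a version matches a
# constraint when it is >= min_version (if present) and strictly < fixed_version.
CONSTRAINTS = [
    {"fixed_version": "12.5.1.27900.8"},
    {"min_version": "14.0", "fixed_version": "14.0.1.13901.2"},
]


def parse_version(ver: str) -> tuple:
    """Split the dotted numeric form the plugin uses, e.g. '12.5.1.27900.8' -> (12, 5, 1, 27900, 8)."""
    return tuple(int(part) for part in ver.split("."))


def version_lt(a: str, b: str) -> bool:
    """Component-wise comparison; shorter tuples are zero-padded so '14.0' equals '14.0.0.0.0'."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return pa < pb


def matching_fix(installed: str, constraints=CONSTRAINTS) -> Optional[str]:
    """Return the fixed version the installed build falls short of, or None if no constraint matches."""
    for c in constraints:
        # A min_version gates the constraint to one release train (here the 14.x train).
        if "min_version" in c and version_lt(installed, c["min_version"]):
            continue
        if version_lt(installed, c["fixed_version"]):
            return c["fixed_version"]
    return None


def report(installed: str) -> str:
    """Human-readable verdict for one self-reported version string."""
    fix = matching_fix(installed)
    if fix is None:
        return f"{installed}: not flagged"
    return f"{installed}: affected, upgrade to {fix} or later"


if __name__ == "__main__":
    # Constructed sample versions around both thresholds.
    for v in ["12.5.1.27900.7", "12.5.1.27900.8", "14.0.1.13901.1", "14.0.1.13901.2"]:
        print(report(v))
```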
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | emergency_responder | | cpe:/a:cisco:emergency_responder |