Vulnerabilities > CVE-2024-20347 - Unspecified vulnerability in Cisco Emergency Responder

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

cisco

NVD

Published: 2024-04-03

Updated: 2025-04-11

Summary

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as deleting users from the device.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Emergency Responder 14Su3 Cisco Emergency Responder 14 Cisco Emergency Responder 14Su1 Cisco Emergency Responder 14Su2 Cisco Emergency Responder 14Su3A	5

Summary

Vulnerable Configurations

References