Cross-Site Request Forgery Vulnerability in Cisco Emergency Responder
CVE-2014-2115

Currently unrated

Key Information:

Vendor: Cisco
Status: Emergency Responder
Vendor: CVE Published:; 4 April 2014

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities exist in the CERUserServlet pages of Cisco Emergency Responder versions 8.6 and earlier. These vulnerabilities enable remote attackers to execute malicious requests that can hijack the authentication of arbitrary users, leading to unauthorized access and potential exploitation of user sessions. The vulnerabilities are documented under Bug ID CSCun24250 and pose a serious risk to the security integrity of affected systems.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1030019

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 4, 2014
Vulnerability Reserved
Feb 25, 2014