Open Redirect Vulnerabilities in Cisco Emergency Responder Software
CVE-2014-2117

Currently unrated

Key Information:

Vendor: Cisco
Status: Emergency Responder
Vendor: CVE Published:; 4 April 2014

Summary

Multiple vulnerabilities related to open redirects exist in Cisco Emergency Responder 8.6 and prior versions. These vulnerabilities allow remote attackers to redirect users to arbitrary websites, thereby potentially facilitating phishing attacks through the exploitation of unspecified parameters. Due to these vulnerabilities, users could unknowingly disclose sensitive information to malicious parties, making it essential for organizations using the affected Cisco products to apply mitigations and maintain heightened security awareness.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1030019

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Apr 4, 2014
Vulnerability Reserved
Feb 25, 2014