Cross-Site Request Forgery in Cisco Emergency Responder Software
CVE-2015-6405

Currently unrated

Key Information:

Vendor: Cisco
Status: Emergency Responder
Vendor: CVE Published:; 13 December 2015

Summary

A cross-site request forgery (CSRF) vulnerability has been identified in Cisco Emergency Responder versions 10.5(1) and 10.5(1a). This security flaw enables remote attackers to exploit user sessions by hijacking the authentication of arbitrary users. By tricking a user into submitting a crafted request, attackers can perform actions on behalf of the user without their consent, potentially leading to unauthorized access and changes in the system. It is critical for users of these affected versions to apply recommended security measures to mitigate the risk of exploitation.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/78812

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1034385

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Dec 13, 2015
Vulnerability Reserved
Aug 17, 2015