CSRF Vulnerability in Cisco Emergency Responder Management Interface
CVE-2016-6468

8.8HIGH

Key Information:

Vendor
Cisco
Status
Cisco Emergency Responder
Vendor
CVE Published:
14 December 2016

Summary

A vulnerability exists in the web-based management interface of Cisco Emergency Responder, which may allow an unauthenticated remote attacker to perform a cross-site request forgery (CSRF) attack. This could enable the attacker to execute arbitrary actions on the affected device without requiring valid credentials. It is crucial for users to apply the appropriate patches or upgrades to mitigate this risk. The vulnerability affects version 11.5(1.10000.4), with remedial measures available in version 12.0(0.98000.14). For more information, refer to the relevant security advisories.

Affected Version(s)

Cisco Emergency Responder Cisco Emergency Responder

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94786
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037428
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.