Intrado 911 Emergency Gateway Vulnerable to SQL Injection Attacks
CVE-2024-1839

10CRITICAL

Key Information:

Vendor: Intrado
Status: 911 Emergency Gateway (egw)
Vendor: CVE Published:; 26 June 2024

What is CVE-2024-1839?

The Intrado 911 Emergency Gateway contains a vulnerability in its login form, which is susceptible to unauthenticated blind time-based SQL injection attacks. This flaw may enable remote attackers, without any authentication, to execute arbitrary code, extract sensitive data, or manipulate the underlying database. This threat poses significant risks to the integrity and confidentiality of the system, underscoring the necessity for prompt attention and remediation.

Affected Version(s)

911 Emergency Gateway (EGW) All

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-1...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2024

Credit

An anonymous individual reported this vulnerability to CISA..

CVE-2024-1839 Data

JSON