cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-20347,https://securityvulnerability.io/vulnerability/CVE-2024-20347,CSRF Vulnerability in Cisco Emergency Responder Affects Company Operations,"A vulnerability in Cisco Emergency Responder could allow unauthorized remote attackers to execute a Cross-Site Request Forgery (CSRF) attack. This flaw stems from inadequate protection measures in the web interface of the system. By enticing a user to click on a specially crafted link, an attacker could leverage this vulnerability to perform arbitrary actions with the privileges of the user, which may include critical operations like deleting users on the device. Ensuring robust security practices and implementing safeguards against CSRF is essential for protecting affected systems.",Cisco,Cisco Emergency Responder,4.3,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-10-31T14:15:03.000Z,,false,false,,2024-04-03T17:15:00.000Z,0
CVE-2024-20352,https://securityvulnerability.io/vulnerability/CVE-2024-20352,Directory Traversal Vulnerability in Cisco Emergency Responder,"A vulnerability in Cisco Emergency Responder enables an authenticated, remote attacker to execute a directory traversal attack. This attack arises from inadequate protections in the web user interface of the affected system. By sending specially crafted requests to the web UI, an attacker can exploit this vulnerability to perform arbitrary actions with the affected user's privileges. Such actions may include accessing sensitive information like password or log files, and managing files by uploading or deleting them from the system.",Cisco,Cisco Emergency Responder,4.9,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-07-29T14:15:03.000Z,,false,false,,2024-04-03T17:15:00.000Z,0
CVE-2023-20259,https://securityvulnerability.io/vulnerability/CVE-2023-20259,Denial of Service Vulnerability in Cisco Unified Communications Products,"A vulnerability exists within an improperly secured API endpoint across various Cisco Unified Communications Products. An unauthenticated remote attacker could exploit this flaw by sending a specially crafted HTTP request. This could result in excessive CPU utilization, leading to potential delays in call processing and affecting access to the web-based management interface. This API is not meant for device management and its exploitation could result in a denial of service condition. Fortunately, once the attack ceases, the affected devices are designed to recover automatically without needing manual intervention.",Cisco,"Cisco Emergency Responder,Cisco Unity Connection,Cisco Unified Communications Manager,Cisco Unified Communications Manager IM and Presence Service,Cisco Prime Collaboration Deployment",7.5,HIGH,0.0010000000474974513,false,,false,false,false,,,false,false,,2023-10-04T17:15:00.000Z,0
CVE-2023-20101,https://securityvulnerability.io/vulnerability/CVE-2023-20101,Remote Authentication Bypass Vulnerability in Cisco Emergency Responder,"A security vulnerability exists in Cisco Emergency Responder that permits an unauthorized, remote attacker to gain access to the system by exploiting default, unchangeable root account credentials. These static credentials, which are meant only for development use, expose affected systems to potential illegitimate access. An attacker leveraging this flaw could execute arbitrary commands as the root user, thereby compromising the integrity and confidentiality of the network. Organizations utilizing Cisco Emergency Responder should take immediate steps to assess their risk and apply necessary mitigations.",Cisco,Cisco Emergency Responder,9.8,CRITICAL,0.0017800000496208668,false,,false,false,true,2024-10-23T20:15:06.000Z,,false,false,,2023-10-04T17:15:00.000Z,0
CVE-2023-20266,https://securityvulnerability.io/vulnerability/CVE-2023-20266,Privilege Escalation Vulnerability in Cisco Unified Communications Products,"A security flaw exists in Cisco Emergency Responder and related Unified Communications products, allowing an authenticated remote attacker to gain root privileges. This vulnerability arises due to inadequate restrictions on the upgrade files utilized by the application. An attacker with valid platform administrator credentials could exploit this weakness by deploying a specially crafted upgrade file, thereby elevating their access rights and compromising the affected device's integrity.",Cisco,"Cisco Emergency Responder,Cisco Unity Connection,Cisco Unified Communications Manager",7.2,HIGH,0.0012000000569969416,false,,false,false,false,,,false,false,,2023-08-30T17:15:00.000Z,0
CVE-2021-1226,https://securityvulnerability.io/vulnerability/CVE-2021-1226,Cisco Unified Communications Products Information Disclosure Vulnerability,"A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.",Cisco,Cisco Emergency Responder,4.3,MEDIUM,0.001500000013038516,false,,false,false,true,2024-08-03T17:15:45.000Z,,false,false,,2021-01-13T00:00:00.000Z,0
CVE-2019-16025,https://securityvulnerability.io/vulnerability/CVE-2019-16025,Cisco Emergency Responder Stored Cross-Site Scripting Vulnerability,"A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into that request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web-based management interface or access sensitive, browser-based information.",Cisco,Cisco Emergency Responder,5.5,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-08-05T02:15:48.000Z,,false,false,,2020-09-23T01:15:00.000Z,0
CVE-2018-15403,https://securityvulnerability.io/vulnerability/CVE-2018-15403,Multiple Cisco Unified Communications Products Open Redirect Vulnerability,"A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.",Cisco,Cisco Emergency Responder,5.4,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2018-10-05T14:29:00.000Z,0
CVE-2017-12227,https://securityvulnerability.io/vulnerability/CVE-2017-12227,,"A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCvb58973.",Cisco,Cisco Emergency Responder,5.4,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2017-09-07T21:00:00.000Z,0
CVE-2016-6468,https://securityvulnerability.io/vulnerability/CVE-2016-6468,,"A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvb06663. Known Affected Releases: 11.5(1.10000.4). Known Fixed Releases: 12.0(0.98000.14).",Cisco,Cisco Emergency Responder,8.8,HIGH,0.0023799999617040157,false,,false,false,false,,,false,false,,2016-12-14T00:37:00.000Z,0
CVE-2016-9208,https://securityvulnerability.io/vulnerability/CVE-2016-9208,,"A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16).",Cisco,Cisco Emergency Responder,6.5,MEDIUM,0.00107999995816499,false,,false,false,false,,,false,false,,2016-12-14T00:37:00.000Z,0