cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-20352,https://securityvulnerability.io/vulnerability/CVE-2024-20352,Directory Traversal Vulnerability in Cisco Emergency Responder,"A vulnerability in Cisco Emergency Responder enables an authenticated, remote attacker to execute a directory traversal attack. This attack arises from inadequate protections in the web user interface of the affected system. By sending specially crafted requests to the web UI, an attacker can exploit this vulnerability to perform arbitrary actions with the affected user's privileges. Such actions may include accessing sensitive information like password or log files, and managing files by uploading or deleting them from the system.",Cisco,Cisco Emergency Responder,4.9,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-07-29T14:15:03.000Z,,false,false,,2024-04-03T17:15:00.000Z,0
CVE-2024-20347,https://securityvulnerability.io/vulnerability/CVE-2024-20347,CSRF Vulnerability in Cisco Emergency Responder Affects Company Operations,"A vulnerability in Cisco Emergency Responder could allow unauthorized remote attackers to execute a Cross-Site Request Forgery (CSRF) attack. This flaw stems from inadequate protection measures in the web interface of the system. By enticing a user to click on a specially crafted link, an attacker could leverage this vulnerability to perform arbitrary actions with the privileges of the user, which may include critical operations like deleting users on the device. Ensuring robust security practices and implementing safeguards against CSRF is essential for protecting affected systems.",Cisco,Cisco Emergency Responder,4.3,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-10-31T14:15:03.000Z,,false,false,,2024-04-03T17:15:00.000Z,0
CVE-2023-20101,https://securityvulnerability.io/vulnerability/CVE-2023-20101,Remote Authentication Bypass Vulnerability in Cisco Emergency Responder,"A security vulnerability exists in Cisco Emergency Responder that permits an unauthorized, remote attacker to gain access to the system by exploiting default, unchangeable root account credentials. These static credentials, which are meant only for development use, expose affected systems to potential illegitimate access. An attacker leveraging this flaw could execute arbitrary commands as the root user, thereby compromising the integrity and confidentiality of the network. Organizations utilizing Cisco Emergency Responder should take immediate steps to assess their risk and apply necessary mitigations.",Cisco,Cisco Emergency Responder,9.8,CRITICAL,0.0017800000496208668,false,,false,false,true,2024-10-23T20:15:06.000Z,,false,false,,2023-10-04T17:15:00.000Z,0
CVE-2023-20259,https://securityvulnerability.io/vulnerability/CVE-2023-20259,Denial of Service Vulnerability in Cisco Unified Communications Products,"A vulnerability exists within an improperly secured API endpoint across various Cisco Unified Communications Products. An unauthenticated remote attacker could exploit this flaw by sending a specially crafted HTTP request. This could result in excessive CPU utilization, leading to potential delays in call processing and affecting access to the web-based management interface. This API is not meant for device management and its exploitation could result in a denial of service condition. Fortunately, once the attack ceases, the affected devices are designed to recover automatically without needing manual intervention.",Cisco,"Cisco Emergency Responder,Cisco Unity Connection,Cisco Unified Communications Manager,Cisco Unified Communications Manager IM and Presence Service,Cisco Prime Collaboration Deployment",7.5,HIGH,0.0010000000474974513,false,,false,false,false,,,false,false,,2023-10-04T17:15:00.000Z,0
CVE-2023-20266,https://securityvulnerability.io/vulnerability/CVE-2023-20266,Privilege Escalation Vulnerability in Cisco Unified Communications Products,"A security flaw exists in Cisco Emergency Responder and related Unified Communications products, allowing an authenticated remote attacker to gain root privileges. This vulnerability arises due to inadequate restrictions on the upgrade files utilized by the application. An attacker with valid platform administrator credentials could exploit this weakness by deploying a specially crafted upgrade file, thereby elevating their access rights and compromising the affected device's integrity.",Cisco,"Cisco Emergency Responder,Cisco Unity Connection,Cisco Unified Communications Manager",7.2,HIGH,0.0012000000569969416,false,,false,false,false,,,false,false,,2023-08-30T17:15:00.000Z,0
CVE-2021-1226,https://securityvulnerability.io/vulnerability/CVE-2021-1226,Cisco Unified Communications Products Information Disclosure Vulnerability,"A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.",Cisco,Cisco Emergency Responder,4.3,MEDIUM,0.001500000013038516,false,,false,false,true,2024-08-03T17:15:45.000Z,,false,false,,2021-01-13T00:00:00.000Z,0
CVE-2019-16025,https://securityvulnerability.io/vulnerability/CVE-2019-16025,Cisco Emergency Responder Stored Cross-Site Scripting Vulnerability,"A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into that request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web-based management interface or access sensitive, browser-based information.",Cisco,Cisco Emergency Responder,5.5,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-08-05T02:15:48.000Z,,false,false,,2020-09-23T01:15:00.000Z,0
CVE-2018-15403,https://securityvulnerability.io/vulnerability/CVE-2018-15403,Multiple Cisco Unified Communications Products Open Redirect Vulnerability,"A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.",Cisco,Cisco Emergency Responder,5.4,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2018-10-05T14:29:00.000Z,0
CVE-2017-12227,https://securityvulnerability.io/vulnerability/CVE-2017-12227,,"A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCvb58973.",Cisco,Cisco Emergency Responder,5.4,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2017-09-07T21:00:00.000Z,0
CVE-2016-9208,https://securityvulnerability.io/vulnerability/CVE-2016-9208,,"A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16).",Cisco,Cisco Emergency Responder,6.5,MEDIUM,0.00107999995816499,false,,false,false,false,,,false,false,,2016-12-14T00:37:00.000Z,0
CVE-2016-6468,https://securityvulnerability.io/vulnerability/CVE-2016-6468,,"A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvb06663. Known Affected Releases: 11.5(1.10000.4). Known Fixed Releases: 12.0(0.98000.14).",Cisco,Cisco Emergency Responder,8.8,HIGH,0.0023799999617040157,false,,false,false,false,,,false,false,,2016-12-14T00:37:00.000Z,0
CVE-2015-6400,https://securityvulnerability.io/vulnerability/CVE-2015-6400,,"Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547.",Cisco,Emergency Responder,,,0.0013500000350177288,false,,false,false,false,,,false,false,,2015-12-13T02:00:00.000Z,0
CVE-2015-6407,https://securityvulnerability.io/vulnerability/CVE-2015-6407,,"Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501.",Cisco,Emergency Responder,,,0.0011599999852478504,false,,false,false,false,,,false,false,,2015-12-13T02:00:00.000Z,0
CVE-2015-6405,https://securityvulnerability.io/vulnerability/CVE-2015-6405,,"Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501.",Cisco,Emergency Responder,,,0.0015699999639764428,false,,false,false,false,,,false,false,,2015-12-13T02:00:00.000Z,0
CVE-2015-6406,https://securityvulnerability.io/vulnerability/CVE-2015-6406,,"Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781.",Cisco,Emergency Responder,,,0.001230000052601099,false,,false,false,false,,,false,false,,2015-12-13T02:00:00.000Z,0
CVE-2014-2117,https://securityvulnerability.io/vulnerability/CVE-2014-2117,,"Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters, aka Bug ID CSCun37909.",Cisco,Emergency Responder,,,0.002950000111013651,false,,false,false,false,,,false,false,,2014-04-04T15:00:00.000Z,0
CVE-2014-2116,https://securityvulnerability.io/vulnerability/CVE-2014-2116,,"Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882.",Cisco,Emergency Responder,,,0.003010000102221966,false,,false,false,false,,,false,false,,2014-04-04T15:00:00.000Z,0
CVE-2014-2114,https://securityvulnerability.io/vulnerability/CVE-2014-2114,,"Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384.",Cisco,Emergency Responder,,,0.002199999988079071,false,,false,false,false,,,false,false,,2014-04-04T15:00:00.000Z,0
CVE-2014-2115,https://securityvulnerability.io/vulnerability/CVE-2014-2115,,"Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250.",Cisco,Emergency Responder,,,0.0015699999639764428,false,,false,false,false,,,false,false,,2014-04-04T15:00:00.000Z,0
CVE-2012-1346,https://securityvulnerability.io/vulnerability/CVE-2012-1346,,"Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause a denial of service (CPU consumption) by sending malformed UDP packets to the CERPT port, aka Bug ID CSCtx38369.",Cisco,Emergency Responder,,,0.001610000035725534,false,,false,false,false,,,false,false,,2012-08-06T18:55:00.000Z,0
CVE-2008-1154,https://securityvulnerability.io/vulnerability/CVE-2008-1154,,"The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.",Cisco,"Mobility Manager,Unified Communications Manager,Unified Presence,Emergency Responder",,,0.1260800063610077,false,,false,false,false,,,false,false,,2008-04-04T19:00:00.000Z,0
CVE-2005-0356,https://securityvulnerability.io/vulnerability/CVE-2005-0356,,"Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.",Cisco,"Secure Access Control Server,Mgx 8230,Mgx 8250,Personal Assistant,Unity Server,Interactive Voice Response,Call Manager,Support Tools,Web Collaboration Option,Remote Monitoring Suite Option,Ip Contact Center Express,Intelligent Contact Manager,Agent Desktop,E-mail Manager,Meetingplace,Alaxala,Emergency Responder,Ip Contact Center Enterprise",,,0.8651800155639648,false,,false,false,false,,,false,false,,2005-05-31T04:00:00.000Z,0
CVE-2004-1760,https://securityvulnerability.io/vulnerability/CVE-2004-1760,,"The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.",Cisco,"Personal Assistant,Ip Interactive Voice Response,Ip Call Center Express Standard,Call Manager,Internet Service Node,Director Agent,Ip Call Center Express Enhanced,Emergency Responder",,,0.03711000084877014,false,,false,false,false,,,false,false,,2004-01-21T05:00:00.000Z,0
CVE-2004-1759,https://securityvulnerability.io/vulnerability/CVE-2004-1759,,"Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, allows remote attackers to cause a denial of service (CPU consumption) via arbitrary packets to TCP port 14247, as demonstrated using port scanning.",Cisco,"Personal Assistant,Ip Interactive Voice Response,Ip Call Center Express Standard,Call Manager,Internet Service Node,Director Agent,Ip Call Center Express Enhanced,Emergency Responder",,,0.20750999450683594,false,,false,false,false,,,false,false,,2004-01-21T05:00:00.000Z,0