CVE-2024-20347

MEDIUM

Cisco Emergency Responder - Cross-Site Request Forgery

Title source: llm

Description

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as deleting users from the device.

References (1)

Core 1

Core References

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cem-csrf-suCmNjFr

Scores

CVSS v3 4.3

EPSS 0.0016

EPSS Percentile 36.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (6)

cisco/emergency_responder 14

cisco/emergency_responder 14su1

cisco/emergency_responder 14su2

cisco/emergency_responder 14su3

cisco/emergency_responder 14su3a

cisco/emergency_responder < 12.5(1)su8b

Published Apr 03, 2024

Tracked Since Feb 18, 2026