Description
A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by sending crafted requests to the web UI. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as accessing password or log files or uploading and deleting existing files from the system.
Scores
CVSS v3
4.9
EPSS
0.0027
EPSS Percentile
50.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
CWE-23
Status
published
Products (6)
cisco/emergency_responder
14
cisco/emergency_responder
14su1
cisco/emergency_responder
14su2
cisco/emergency_responder
14su3
cisco/emergency_responder
14su3a
cisco/emergency_responder
< 12.5(1)su8b
Published
Apr 03, 2024
Tracked Since
Feb 18, 2026