CVE-2024-20352

Summary

A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by sending crafted requests to the web UI. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as accessing password or log files or uploading and deleting existing files from the system.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Emergency Responder10.5(1a)affected
CiscoCisco Emergency Responder10.5(1)affected
CiscoCisco Emergency Responder11.5(4)SU2affected
CiscoCisco Emergency Responder11.5(4)SU4affected
CiscoCisco Emergency Responder11.5(4)SU3affected
CiscoCisco Emergency Responder11.5(1)affected
CiscoCisco Emergency Responder11.5(3)affected
CiscoCisco Emergency Responder11.5(2)affected
CiscoCisco Emergency Responder11.5(4a)affected
CiscoCisco Emergency Responder11.5(4)affected
CiscoCisco Emergency Responder11.5(2a)affected
CiscoCisco Emergency Responder11.5(4)SU10affected
CiscoCisco Emergency Responder11.5(4)SU9affected
CiscoCisco Emergency Responder11.5(4)SU11affected
CiscoCisco Emergency Responder12.5(1)affected
CiscoCisco Emergency Responder12.5(1)SU2affected
CiscoCisco Emergency Responder12.5(1)SU3affected
CiscoCisco Emergency Responder12.5(1)SU1affected
CiscoCisco Emergency Responder12.5(1a)affected
CiscoCisco Emergency Responder12.5(1)SU4affected
CiscoCisco Emergency Responder12.5(1)SU5affected
CiscoCisco Emergency Responder12.5(1)SU6affected
CiscoCisco Emergency Responder12.5(1)SU7affected
CiscoCisco Emergency Responder12.5(1)SU8affected
CiscoCisco Emergency Responder12.5(1)SU8aaffected
CiscoCisco Emergency Responder12.5(1)SU8baffected
CiscoCisco Emergency Responder12.0(1) SU2affected
CiscoCisco Emergency Responder12.0(1) SU1affected
CiscoCisco Emergency Responder12.0(1)affected
CiscoCisco Emergency Responder10.0.2affected
CiscoCisco Emergency Responder10.0(1)affected
CiscoCisco Emergency Responder11.0(1)affected
CiscoCisco Emergency Responder14SU1affected
CiscoCisco Emergency Responder14SU2affected
CiscoCisco Emergency Responder14affected

Weaknesses

  • CWE-23: Relative Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References