CVE-2016-6468

Published on: 12/13/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:10 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Certain versions of Emergency Responder from Cisco contain the following vulnerability:

A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvb06663. Known Affected Releases: 11.5(1.10000.4). Known Fixed Releases: 12.0(0.98000.14).

  • CVE-2016-6468 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE REQUIRED
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 6.8 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL PARTIAL PARTIAL

CVE References

Description Tags Link
Cisco Emergency Responder Access Control Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks - SecurityTracker Third Party Advisory
VDB Entry
www.securitytracker.com
text/html
URL Logo SECTRACK 1037428
Cisco Emergency Responder Cross-Site Request Forgery Vulnerability Vendor Advisory
tools.cisco.com
text/html
URL Logo CONFIRM tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer
Cisco Emergency Responder CVE-2016-6468 Cross Site Request Forgery Vulnerability Third Party Advisory
VDB Entry
cve.report (archive)
text/html
URL Logo BID 94786

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationCiscoEmergency Responder11.5\(1.10000.4\)AllAllAll
ApplicationCiscoEmergency Responder11.5\(1.10000.4\)AllAllAll
  • cpe:2.3:a:cisco:emergency_responder:11.5\(1.10000.4\):*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:emergency_responder:11.5\(1.10000.4\):*:*:*:*:*:*:*: