CVE-2024-20347

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as deleting users from the device.

Published: Apr 3, 2024
Updated: May 4, 2025
CVE: CVE-2024-20347
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / emergency_responder	14su3	14su3.x
cisco / emergency_responder	-	12.5(1)su8b
cisco / emergency_responder	14	14.x
cisco / emergency_responder	14su1	14su1.x
cisco / emergency_responder	14su2	14su2.x
cisco / emergency_responder	14su3a	14su3a.x

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cem-csrf-suCmNjFr

Vulnerability Database

289,599

CVE-2024-20347