CVE-2014-2115

Published: Apr 4, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250.

Affected (1)

Products: Cisco: Emergency Responder

Cisco

1 product

Emergency Responder

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Emergency Responder	Up to 8.6

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2115

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=33643

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/66631

Source: psirt@cisco.com

http://www.securitytracker.com/id/1030019

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2115

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=33643

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/66631

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1030019

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.