← voltar
CVE-2024-20347

CVE-2024-20347

CVSS 4.3 MEDIUMEPSS 0.2%CWE-352
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
03 abr 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as deleting users from the device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N