Cisco Emergency Responder — known CVE vulnerabilities
Every CVE whose affected-product data names Cisco Emergency Responder, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (27)
CVE-2008-1154 — CVSS 10.0 (critical): The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager…
CVE-2004-1760 — CVSS 10.0 (critical): The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require…
CVE-2023-20101 — CVSS 9.8 (critical): A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root…
CVE-2017-12337 — CVSS 9.8 (critical): A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could…
CVE-2016-6468 — CVSS 8.8 (high): A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to…
CVE-2023-20259 — CVSS 8.6 (high): A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to…
CVE-2017-6779 — CVSS 7.5 (high): Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration…
CVE-2014-2115 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow…
CVE-2015-6405 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the…
CVE-2016-9208 — CVSS 6.5 (medium): A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder…
CVE-2018-15403 — CVSS 5.4 (medium): A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications…
CVE-2017-12227 — CVSS 5.4 (medium): A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a…
CVE-2004-1759 — CVSS 5.0 (medium): Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, allows remote attackers to cause a denial of…
CVE-2005-0356 — CVSS 5.0 (medium): Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote…
CVE-2012-1346 — CVSS 5.0 (medium): Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause a denial of service (CPU consumption) by sending malformed UDP…
CVE-2024-20352 — CVSS 4.9 (medium): A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack, which…
CVE-2019-16025 — CVSS 4.8 (medium): A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site…
CVE-2014-2117 — CVSS 4.3 (medium): Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to…
CVE-2021-1226 — CVSS 4.3 (medium): A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session…
CVE-2014-2114 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject…
CVE-2024-20347 — CVSS 4.3 (medium): A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow…
CVE-2014-2116 — CVSS 4.3 (medium): Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified…
CVE-2015-6407 — CVSS 4.0 (medium): Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug…
CVE-2015-6406 — CVSS 4.0 (medium): Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write…