A vulnerability was found in Cisco Emergency Responder up to 8.6. It has been declared as critical. This vulnerability affects an unknown code. The manipulation with an unknown input leads to a input validation vulnerability. The CWE definition for the vulnerability is CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. As an impact it is known to affect integrity. CVE summarizes:

Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters, aka Bug ID CSCun37909.

The weakness was presented 04/04/2014 as 33642 as confirmed vulnerability alert (Website). The advisory is shared for download at tools.cisco.com. This vulnerability was named CVE-2014-2117 since 02/25/2014. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 02/06/2022).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

See 66867, 66866 and 66865 for similar entries.

Productinfo

Vendor

• Cisco

Name

• Emergency Responder

Version

• 8.0
• 8.1
• 8.2
• 8.3
• 8.4
• 8.5
• 8.6

License

• commercial

Support

• end of life (old version)

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion