CVE-2014-2115: CSRF
First published: Fri Apr 04 2014(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Emergency Responder | <=8.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-2115?
CVE-2014-2115 has a medium severity rating due to its potential to allow cross-site request forgery attacks.
How do I fix CVE-2014-2115?
To fix CVE-2014-2115, it is recommended to upgrade to a version of Cisco Emergency Responder later than 8.6.
What systems are affected by CVE-2014-2115?
CVE-2014-2115 affects Cisco Emergency Responder versions 8.6 and earlier.
What is cross-site request forgery as related to CVE-2014-2115?
Cross-site request forgery related to CVE-2014-2115 allows attackers to perform unauthorized actions on behalf of users by exploiting web application flaws.
What is the impact of exploiting CVE-2014-2115?
Exploiting CVE-2014-2115 can lead to the hijacking of user authentication, allowing attackers to perform actions as legitimate users.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/cisco
- canonical/cisco emergency responder
- version/cisco emergency responder/8.6