Cisco Emergency Responder vulnerable to CSRF

Network solution provider Cisco Emergency Responder pages are vulnerable to cross site request forgery (CSRF),US cyber security division, DHS, explored the vulnerability in a blog post. 

 According to the post, Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier will allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250. 

Multiple pages vulnerable at Cisco responder can be potentially exploited by remote attacker who can then manage to disclose unauthorize information, can modify data and can also disrupt the entire service. So far, it seems , Cisco has taken no remedial measures to secure the bug.

Source: http://whogothack.blogspot.co.uk/2014/04/cisco-emergency-responder-vulnerable-to.html#.VnHTOMZ97IU

The post Cisco Emergency Responder vulnerable to CSRF appeared first on Am I Hacker Proof.

View full post on Am I Hacker Proof

. . . . . . . .

Print Friendly, PDF & Email

Leave a Reply