CVE-2024-20352

Name of the Vulnerable Software and Affected Versions Cisco Emergency Responder (affected versions not specified)

Description A vulnerability in the web UI of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack. This is due to insufficient protections for the web UI, allowing an attacker to send crafted requests and potentially perform arbitrary actions on an affected device. A successful exploit could allow the attacker to access sensitive files, such as password or log files, or upload and delete existing files from the system, all with the privilege level of the affected user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.