Vulnerability Description
A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvb06663. Known Affected Releases: 11.5(1.10000.4). Known Fixed Releases: 12.0(0.98000.14).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Emergency Responder | 11.5\(1.10000.4\) |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/94786Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037428Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/94786Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037428Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2016-6468?
CVE-2016-6468 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arb...
How severe is CVE-2016-6468?
CVE-2016-6468 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-6468?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Emergency Responder.