Network solution provider Cisco Emergency Responder pages are vulnerable to cross site request forgery (CSRF),US cyber security division, DHS, explored the vulnerability in a blog post.
According to the post, Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier will allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250.
Multiple pages vulnerable at Cisco responder can be potentially exploited by remote attacker who can then manage to disclose unauthorize information, can modify data and can also disrupt the entire service. So far, it seems , Cisco has taken no remedial measures to secure the bug.
View full post on Who Got Hacked – Latest Hacking News and Security Updates