1. EXECUTIVE SUMMARY
- CVSS v4 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Intrado
- Equipment: 911 Emergency Gateway (EGW)
- Vulnerability: SQL Injection
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute malicious code, exfiltrate data, or manipulate the database.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Intrado’s 911 Emergency Gateway are affected:
- 911 Emergency Gateway (EGW): All versions
3.2 Vulnerability Overview
3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (‘SQL INJECTION’) CWE-89
Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL injection, which may allow an attacker to execute malicious code, exfiltrate data, or manipulate the database.
CVE-2024-1839 has been assigned to this vulnerability. A CVSS v3.1 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-1839. A base score of 10.0 has been calculated; the CVSS vector string is (CVSS4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L/S:P/AU:Y/R:U/V:C).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Emergency Services
- COUNTRIES/AREA
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: