Cisco Emergency Responder Remote Denial of Service Vulnerability

Cisco Emergency Responder contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to the improper handling of malformed UDP packets by the affected software. An unauthenticated, remote attacker could exploit this vulnerability by submitting malformed UDP packets to the vulnerable software. If successful, the attacker could cause a targeted device to consume excessive CPU resources, resulting in a DoS condition.

Cisco has confirmed this vulnerability and released software updates.

A successful exploit could allow an attacker to cause a device to stop responding, potentially preventing authorized users from accessing network resources served by the targeted device.

To exploit the vulnerability, an attacker must send malformed UDP packets to a targeted device. The attacker may need access to trusted, internal networks, which could limit the likelihood of a successful exploit.

This alert contains CVSS scoring supplied by Cisco, the primary vendor of the affected product. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.