CVE-2024-1839

EUVD-2024-17564
Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL injection, which may allow an unauthenticated remote attacker to execute malicious code, exfiltrate data, or manipulate the database.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
intrado911_emergency_gateway_firmware
-
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
intrado911_emergency_gateway
𝑥
< 5.5
ADP
intrado911_emergency_gateway
𝑥
< 5.6
ADP
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-04
https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-04