CVE-2024-1839

Description

Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL injection, which may allow an unauthenticated remote attacker to execute malicious code, exfiltrate data, or manipulate the database.

Remediation

Solution:

Intrado has provided a patch to mitigate the vulnerability. Any EGWs deployed on older revisions will need to be upgraded to the 5.5/5.6 branch to apply the patch. For assistance in obtaining the patch, contact Intrado's technical support group at 1-888-908-4167 or E911Support@intrado.com https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/E911Support@intrado.com .

References

Link	Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-04

Frequently Asked Questions

What is the severity of CVE-2024-1839?: CVE-2024-1839 has been scored as a critical severity vulnerability.
How to fix CVE-2024-1839?: To fix CVE-2024-1839: Intrado has provided a patch to mitigate the vulnerability. Any EGWs deployed on older revisions will need to be upgraded to the 5.5/5.6 branch to apply the patch. For assistance in obtaining the patch, contact Intrado's technical support group at 1-888-908-4167 or E911Support@intrado.com https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/E911Support@intrado.com .
Is CVE-2024-1839 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-1839 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-1839?: CVE-2024-1839 affects Intrado 911 Emergency Gateway (EGW).

Description

Remediation

Category

CWE-89 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

References

Frequently Asked Questions