CISA warns of critical issue in Intrado 911 Emergency Gateway
Take action: If you are using Intrado 911 Emergency Gateway, make sure that it's isolated from the internet, then patch ASAP. This is maximum severity flaw, so any hacker even indirectly able to reach the Gateway will cause a lot of damage.
Learn More
Intrado has addressed a critical SQL injection vulnerability in its 911 Emergency Gateway (EGW), tracked as CVE-2024-1839 (CVSS score 10).
This flaw is an SQL Injection that could allow attackers to execute malicious code, exfiltrate sensitive data, or manipulate the database. The login form of the Intrado 911 Emergency Gateway is vulnerable to unauthenticated blind time-based SQL injection. This vulnerability could enable attackers to run arbitrary SQL commands on the database.
Affected Products are all versions of Intrado's 911 Emergency Gateway (EGW).
Intrado has released a patch to address this critical vulnerability. Affected systems need to be upgraded to the 5.5/5.6 branch to apply the patch.
