A critical flaw in 911 systems could allow attackers to disrupt emergency services

April 27, 2026 · 6 min read · 3 sources

Introduction: The lifeline is vulnerable

A critical vulnerability has been uncovered in a core component of the United States' 911 emergency response infrastructure, posing a direct threat to public safety. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory for CVE-2024-6074, a path traversal flaw in Intrado’s 911 Emergency Gateway (EGW) systems. With a severity score of 9.8 out of 10, this vulnerability could allow an unauthenticated attacker to remotely access, alter, or delete files on systems responsible for routing emergency calls, potentially leading to catastrophic disruptions.

Background: The unseen backbone of emergency response

Intrado, a major technology provider in the emergency communications sector, develops the EGW systems used by Public Safety Answering Points (PSAPs)—the call centers that answer 911 calls. These gateways are the digital switchboards of modern emergency services, translating calls from various networks (like VoIP and cellular) into a format that can be handled by PSAP operators. They are responsible for routing calls to the correct dispatch center and providing critical location data for first responders. The affected EGW versions 5.x, 6.x, and 7.x are widely deployed, making this a nationwide concern for the Emergency Services Sector, which CISA designates as critical infrastructure.

Technical details: Unlocking the system with a simple trick

The vulnerability, CVE-2024-6074, is a classic but severe form of path traversal. This type of flaw allows an attacker to manipulate file path inputs to access files and directories stored outside the web server's intended root directory. In this case, the specific exploit pattern identified by CISA is '.../...//'. An attacker can use this sequence to trick the application into navigating up the directory tree.

For example, if an application expects a filename like 'report.pdf' from a specific directory, an attacker might submit an input like '.../...//etc/passwd'. The '../' sequence instructs the system to move up one directory level, and the '.../...//' form targets naive input filters: a sanitizer that removes every '../' from that string in a single pass leaves exactly '../' behind. By chaining these sequences, an attacker can break out of the restricted directory and access sensitive system files from anywhere on the server.
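To make the filter-bypass concrete, here is an added Python example; it is not Intrado's code and does not come from the CISA advisory. It places a naive sanitizer that strips '../' in one pass, which the '.../...//' sequence collapses into '../', beside the hardened approach of resolving the full path and then checking that it still lies inside the allowed directory. The base directory, the endpoint behaviour and the 'report.pdf'-style inputs are assumptions constructed for the demonstration.

```python
import posixpath
from typing import Optional

# Constructed base directory for this demonstration; it is not a real
# Intrado EGW path and stands in for any "files may only come from here" root.
BASE_DIR = "/srv/egw/reports"


def naive_sanitize(user_path: str) -> str:
    """VULNERABLE: removes '../' in a single, non-recursive pass.

    This is the weakness the '.../...//' pattern (CWE-35) exists for:
    deleting both '../' occurrences inside '.../...//' leaves exactly '../'.
    """
    return user_path.replace("../", "")


def vulnerable_resolve(user_path: str) -> str:
    """VULNERABLE: trusts the sanitized input and never checks containment."""
    joined = posixpath.join(BASE_DIR, naive_sanitize(user_path))
    return posixpath.normpath(joined)


def escapes_base(path: str) -> bool:
    """True when a resolved path lies outside BASE_DIR."""
    return not (path == BASE_DIR or path.startswith(BASE_DIR + "/"))


def safe_resolve(user_path: str) -> Optional[str]:
    """HARDENED: normalize first, then require the result to stay under BASE_DIR.

    No string stripping at all: whatever the input contains, the only question
    is whether the fully resolved path is inside the allowed root. Returns None
    when it is not. (On a live filesystem, also resolve with os.path.realpath
    so a symlink inside the root cannot point outside it.)
    """
    candidate = posixpath.normpath(posixpath.join(BASE_DIR, user_path))
    if escapes_base(candidate):
        return None
    return candidate


if __name__ == "__main__":
    probe = ".../...//.../...//.../...//etc/passwd"  # three chained sequences
    print("naive filter output :", naive_sanitize(probe))
    print("vulnerable resolves :", vulnerable_resolve(probe))
    print("hardened resolves   :", safe_resolve(probe))
```

The hardened function never tries to "clean" the input; it answers a single yes/no question about the resolved path, which is why odd encodings of the same idea do not help against it. Note that an absolute input such as '/etc/passwd' is rejected for the same reason: posixpath.join discards the base when the second argument is absolute, and the containment check then fails.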

The most alarming aspect of CVE-2024-6074 is that it is exploitable by an unauthenticated attacker. This means a threat actor does not need valid credentials or prior access to the network. They could potentially exploit this flaw from the internet if the EGW system is exposed, significantly lowering the barrier to attack.

Successful exploitation grants an attacker three dangerous capabilities:

  • Arbitrary File Read: An attacker could read sensitive configuration files containing network layouts, system credentials, or operational protocols. This information could be used to plan a more sophisticated, wider-scale attack on the PSAP's network.
  • Arbitrary File Modification: The ability to alter files is profoundly dangerous. An attacker could modify call routing rules, causing 911 calls to be sent to the wrong dispatch center or dropped entirely. They could also inject malicious code into system scripts to establish persistence or tamper with call logs to cover their tracks.
  • Arbitrary File Deletion: An attacker could simply delete critical operating system files or EGW application binaries, causing the entire system to crash. This would result in an immediate and complete denial of service for emergency call processing.

Impact assessment: A direct threat to public safety

The potential consequences of this vulnerability being exploited are dire. This is not a theoretical risk involving data theft; it is a direct threat to human life and the operational integrity of emergency services.

Who is affected?

  • Public Safety Answering Points (PSAPs): Any 911 call center in the U.S. and other regions using the affected Intrado EGW versions is at immediate risk. These organizations are the primary targets.
  • First Responders: Police, fire, and emergency medical services depend on the timely and accurate information provided by PSAPs. A compromised EGW system could delay or prevent them from being dispatched, with life-or-death consequences.
  • The General Public: Every person who relies on the 911 system for help is indirectly affected. An outage or misrouting of calls during a major incident, such as a natural disaster or active shooter event, could lead to a significant loss of life.

The severity of the impact cannot be overstated. A successful attack could blind a dispatch center, leaving operators unable to receive calls or locate people in distress. The psychological impact on a community that has lost trust in its emergency lifeline would be immense and long-lasting.

How to protect yourself: Immediate and necessary actions

Intrado has released patches to fix this vulnerability, and CISA urges all affected organizations to take immediate action. While there are no known public exploits for CVE-2024-6074 at this time, sophisticated actors often develop them quickly following public disclosure.

Administrators of Intrado EGW systems should prioritize the following steps:

  1. Patch Immediately: The most critical step is to update to a patched version as specified by the vendor. According to Intrado, organizations should upgrade to EGW 7.1.1.25 or later, 6.2.3.16 or later, or 5.2.2.16 or later to mitigate the vulnerability.
  2. Minimize Network Exposure: Critical systems like 911 gateways should never be directly exposed to the public internet. Ensure the EGW is behind a properly configured firewall and is only accessible from trusted internal networks. Conduct a network audit to validate that no unintended access paths exist.
  3. Implement Network Segmentation: Isolate the EGW systems from other parts of the network, such as administrative or business systems. This practice, known as segmentation, can prevent an attacker who compromises one system from moving laterally to others.
  4. Secure Remote Access: All remote administrative access to these systems must be strictly controlled. Use multi-factor authentication (MFA) and ensure connections are made through a secure VPN service to encrypt traffic and conceal the network's internal structure.
  5. Monitor for Suspicious Activity: Implement robust logging and monitoring on the EGW systems and surrounding network devices. Look for unusual file access patterns, outbound connections to unknown destinations, or repeated failed login attempts, which could indicate a compromise attempt.
  6. Review Incident Response Plans: Ensure your organization has a tested incident response plan specifically for a 911 system outage. This plan should include manual backup procedures for handling emergency calls and clear communication protocols for notifying the public and relevant agencies.
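As an added example (not a vendor tool and not part of the CISA advisory), the following Python script puts two of the steps above into code: it checks EGW version strings against the fixed versions the article names (step 1), and it scans web-server access log lines for traversal sequences, URL-decoding them first so encoded variants are not missed (step 5). The common-log-format layout, the '/api/report' endpoint and the client addresses are constructed assumptions; this page does not describe the gateway's real log format, so the CLF_RE pattern should be adapted to whatever the gateway, or a proxy in front of it, actually writes.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Fixed versions named in the article, keyed by major-version branch.
FIXED_VERSIONS = {
    5: (5, 2, 2, 16),
    6: (6, 2, 3, 16),
    7: (7, 1, 1, 25),
}


def parse_version(version: str) -> Tuple[int, ...]:
    """'7.1.1.24' -> (7, 1, 1, 24); tuples compare component by component."""
    return tuple(int(part) for part in version.strip().split("."))


def is_affected(version: str) -> Optional[bool]:
    """True if the version is in an affected branch and older than its fix,
    False if it is at or above the fixed version, None for other branches."""
    parts = parse_version(version)
    fixed = FIXED_VERSIONS.get(parts[0])
    if fixed is None:
        return None
    return parts < fixed


# Apache/nginx-style common log format; the constructed sample below uses it.
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Any '../' or '..\' that survives decoding; '.../...//' contains '../' itself.
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """URL-decode until stable so %2e%2e%2f and double-encoded forms match too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_attempts(log_lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (client_ip, raw_request_path, status) for every request whose
    decoded path carries a traversal sequence."""
    hits = []
    for line in log_lines:
        match = CLF_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        raw_path = match.group("path")
        if TRAVERSAL_RE.search(decode_fully(raw_path)):
            hits.append((match.group("ip"), raw_path, match.group("status")))
    return hits


# Constructed sample log lines (RFC 5737 test addresses, invented endpoint).
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Apr/2026:10:01:02 +0000] "GET /api/report?file=report.pdf HTTP/1.1" 200 5120',
    '203.0.113.7 - - [27/Apr/2026:10:01:05 +0000] "GET /api/report?file=.../...//etc/passwd HTTP/1.1" 200 1043',
    '203.0.113.9 - - [27/Apr/2026:10:02:11 +0000] "GET /api/report?file=%2e%2e%2f%2e%2e%2fconfig.xml HTTP/1.1" 404 0',
    '198.51.100.4 - - [27/Apr/2026:10:03:00 +0000] "POST /api/login HTTP/1.1" 401 0',
]


if __name__ == "__main__":
    for v in ("5.2.2.15", "6.2.3.16", "7.1.1.24", "7.1.1.25"):
        print(f"EGW {v}: affected={is_affected(v)}")
    for ip, path, status in find_traversal_attempts(SAMPLE_LOG):
        print(f"traversal probe from {ip}: {path} -> {status}")
```

When reading the output, the status code matters as much as the match: a traversal-shaped request answered with 200 and a non-zero byte count deserves immediate incident handling, whereas a 404 usually means the probe was blocked but still tells you who is scanning the gateway. The decode loop is deliberately bounded so a hostile log line cannot keep the scanner busy.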

This vulnerability is a stark reminder that the operational technology underpinning our most essential services is a high-value target. The prompt response from Intrado and the clear guidance from CISA provide a path forward, but the responsibility now falls on every PSAP and emergency service provider to act decisively to secure this critical lifeline.

// FAQ

What is CVE-2024-6074?

CVE-2024-6074 is a critical path traversal vulnerability in Intrado 911 Emergency Gateway (EGW) systems. It has a CVSS score of 9.8 out of 10 and allows an unauthenticated attacker to read, modify, or delete files on the system, potentially disrupting 911 services.

Which systems are affected by this vulnerability?

The vulnerability affects Intrado 911 Emergency Gateway (EGW) versions 5.x (before 5.2.2.16), 6.x (before 6.2.3.16), and 7.x (before 7.1.1.25). Any Public Safety Answering Point (PSAP) using these unpatched versions is at risk.

What is the real-world risk of this vulnerability?

The primary risk is the disruption of 911 emergency services. An attacker could crash the system, causing a complete outage, or modify call routing rules, sending emergency calls to the wrong location. This could delay or prevent emergency response, directly endangering public safety.

What is the most important action my organization should take?

The most critical action is to apply the security patches provided by Intrado immediately. Organizations should upgrade their EGW systems to the recommended fixed versions to eliminate the vulnerability. Following that, minimizing network exposure and implementing robust monitoring are key defensive measures.

Has this vulnerability been exploited in the wild?

As of the CISA advisory publication date, there were no known public exploits targeting this vulnerability. However, critical flaws like this are often reverse-engineered by threat actors shortly after disclosure, making immediate patching essential.
