Cisco Expressway Series and TelePresence VCS Vulnerabilities Could Lead to CSRF Attacks
CVE-2024-20252

9.6 CRITICAL

Key Information:

Vendor: Cisco
CVE Published: 7 February 2024

Badges

👾 Exploit Exists
📰 News Worthy

Summary

Multiple vulnerabilities in Cisco's Expressway Series and TelePresence Video Communication Server (VCS) could permit unauthenticated, remote attackers to execute cross-site request forgery (CSRF) attacks. These attacks could enable malicious actors to perform arbitrary actions on affected devices without leaving any trace. The vulnerabilities impact both Expressway Control (Expressway-C) and Expressway Edge (Expressway-E) devices, as well as the Video Communication Server, posing significant risks to system integrity and user security.

Affected Version(s)

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5

News Articles

Critical Cisco Expressway Flaw Let Remote Execute Arbitrary Code

Cisco patched the CSRF vulnerabilities identified as CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6).

5 months ago

CVSS V3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • 📰 First article discovered by GBHackers

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved