Cisco Expressway Series and TelePresence VCS Vulnerabilities Could Lead to CSRF Attacks

CVE-2024-20252

9.6CRITICAL

Key Information

Vendor: Cisco
Status: Cisco Telepresence Video Communication Server (vcs) Expressway
Vendor: CVE Published:; 7 February 2024

Badges

👾 Exploit Exists

Summary

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.

Affected Version(s)

Cisco TelePresence Video Communication Server (VCS) Expressway = X8.5.1

Cisco TelePresence Video Communication Server (VCS) Expressway = X8.5.3

Cisco TelePresence Video Communication Server (VCS) Expressway = X8.5

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

👾
Exploit exists.
Jul 29, 2024
Risk change from: 8.8 to: 9.6 - (CRITICAL)
Jul 29, 2024
Vulnerability published.
Feb 7, 2024
Vulnerability Reserved.
Nov 8, 2023

Collectors

NVD DatabaseMitre Database