Cisco Expressway Series and TelePresence VCS Vulnerabilities Could Lead to CSRF Attacks
CVE-2024-20254

8.8 HIGH

Key Information:

Vendor: Cisco
CVE Published: 7 February 2024

Summary

Multiple vulnerabilities have been identified in the Cisco Expressway Series and the Cisco TelePresence Video Communication Server (VCS). These vulnerabilities could allow unauthenticated remote attackers to conduct cross-site request forgery (CSRF) attacks. Such attacks enable adversaries to perform arbitrary actions on the affected devices without proper authentication. It is critical for organizations utilizing these Cisco products to review their systems and implement necessary security measures to mitigate potential exploitation. For additional details, refer to the associated Cisco security advisory.

Affected Version(s)

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5

News Articles

Critical Cisco Expressway Flaw Let Remote Execute Arbitrary Code

Cisco patched the CSRF vulnerabilities identified as CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6).

5 months ago

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • First article discovered by GBHackers

  • Vulnerability published

  • Vulnerability Reserved
