Cisco Expressway Series and TelePresence VCS Vulnerabilities Could Lead to CSRF Attacks

CVE-2024-20254

8.8HIGH

Key Information

Vendor
Cisco
Status
Cisco TelePresence Video Communication Server (VCS) Expressway
Vendor
CVE Published:
7 February 2024

Badges

πŸ“° News Worthy

Summary

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device.

Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.

For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.

Affected Version(s)

Cisco TelePresence Video Communication Server (VCS) Expressway = X8.5.1

Cisco TelePresence Video Communication Server (VCS) Expressway = X8.5.3

Cisco TelePresence Video Communication Server (VCS) Expressway = X8.5

News Articles

favicon imageGBHackers

Critical Cisco Expressway Flaw Let Remote Execute Arbitrary Code

Cisco patched the CSRF vulnerabilities identified as CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6).

4 months ago

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • πŸ“°

    First article discovered by GBHackers

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database1 News Article(s)
.