CVE-2024-20254
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device.
Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.
For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.
Múltiples vulnerabilidades en Cisco Expressway Series y Cisco TelePresence Video Communication Server (VCS) podrían permitir que un atacante remoto no autenticado realice ataques de cross-site request forgery (CSRF) que realicen acciones arbitrarias en un dispositivo afectado. Nota: "Serie Cisco Expressway" se refiere a los dispositivos Cisco Expressway Control (Expressway-C) y Cisco Expressway Edge (Expressway-E). Para obtener más información sobre estas vulnerabilidades, consulte la sección Detalles ["#details"] de este aviso.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-11-08 CVE Reserved
- 2024-02-07 CVE Published
- 2024-02-16 EPSS Updated
- 2024-08-22 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Expressway Search vendor "Cisco" for product "Expressway" | <= 15.0 Search vendor "Cisco" for product "Expressway" and version " <= 15.0" | - |
Affected
| ||||||