Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device.
Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.
For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.
References
Configurations
History
21 Nov 2024, 08:52
Type | Values Removed | Values Added |
---|---|---|
References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.6 |
15 Feb 2024, 15:54
Type | Values Removed | Values Added |
---|---|---|
References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3 - Vendor Advisory | |
CWE | CWE-352 | |
CPE | cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Cisco
Cisco expressway |
07 Feb 2024, 17:38
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-07 17:15
Updated : 2024-11-21 08:52
NVD link : CVE-2024-20252
Mitre link : CVE-2024-20252
CVE.ORG link : CVE-2024-20252
JSON object : View
Products Affected
cisco
- expressway
CWE
CWE-352
Cross-Site Request Forgery (CSRF)