Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device.
Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.
For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.
References
Link | Resource |
---|---|
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3 | Vendor Advisory |
Configurations
History
15 Feb 2024, 15:54
Type | Values Removed | Values Added |
---|---|---|
First Time |
Cisco
Cisco expressway |
|
References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3 - Vendor Advisory | |
CPE | cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:* | |
CWE | CWE-352 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
07 Feb 2024, 17:38
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-07 17:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-20254
Mitre link : CVE-2024-20254
CVE.ORG link : CVE-2024-20254
JSON object : View
Products Affected
cisco
- expressway
CWE
CWE-352
Cross-Site Request Forgery (CSRF)