CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-20252

CVSS 9.6v3.1pub. 2024-02-07upd. 2024-11-21

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  • Cisco Expressway

    APP
    Cisco
    ≤ 15.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2024-20254CRITICAL9.6PL ✓ten sam produkt

CSRF w Cisco Expressway i TelePresence VCS umożliwiający zdalne działania

CVE-2022-20812CRITICAL9.0ten sam produkt

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and C...

CVE-2022-20813CRITICAL9.0ten sam produkt

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and C...

CVE-2024-20255HIGH8.2ten sam produkt

A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server c...

CVE-2018-5390HIGH7.5ten sam produkt

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prun...