OpenCVE

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Expressway

Configuration 1 [-]

cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2024-02-07T16:15:06.066Z

Updated: 2024-08-01T21:52:31.791Z

Reserved: 2023-11-08T15:08:07.622Z

Link: CVE-2024-20252

Vulnrichment

Updated: 2024-08-01T21:52:31.791Z

NVD

Status : Modified

Published: 2024-02-07T17:15:09.913

Modified: 2024-11-21T08:52:06.800

Link: CVE-2024-20252

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20252", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2023-11-08T15:08:07.622Z", "datePublished": "2024-02-07T16:15:06.066Z", "dateUpdated": "2024-08-01T21:52:31.791Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-02-07T16:15:06.066Z"}, "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. \r\n\r Note: \"Cisco Expressway Series\" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.\r\n\r For more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory."}], "affected": [{"vendor": "Cisco", "product": "Cisco TelePresence Video Communication Server (VCS) Expressway", "versions": [{"version": "X8.5.1", "status": "affected"}, {"version": "X8.5.3", "status": "affected"}, {"version": "X8.5", "status": "affected"}, {"version": "X8.6.1", "status": "affected"}, {"version": "X8.6", "status": "affected"}, {"version": "X8.1.1", "status": "affected"}, {"version": "X8.1.2", "status": "affected"}, {"version": "X8.1", "status": "affected"}, {"version": "X8.2.1", "status": "affected"}, {"version": "X8.2.2", "status": "affected"}, {"version": "X8.2", "status": "affected"}, {"version": "X8.7.1", "status": "affected"}, {"version": "X8.7.2", "status": "affected"}, {"version": "X8.7.3", "status": "affected"}, {"version": "X8.7", "status": "affected"}, {"version": "X8.8.1", "status": "affected"}, {"version": "X8.8.2", "status": "affected"}, {"version": "X8.8.3", "status": "affected"}, {"version": "X8.8", "status": "affected"}, {"version": "X8.9.1", "status": "affected"}, {"version": "X8.9.2", "status": "affected"}, {"version": "X8.9", "status": "affected"}, {"version": "X8.10.0", "status": "affected"}, {"version": "X8.10.1", "status": "affected"}, {"version": "X8.10.2", "status": "affected"}, {"version": "X8.10.3", "status": "affected"}, {"version": "X8.10.4", "status": "affected"}, {"version": "X12.5.8", "status": "affected"}, {"version": "X12.5.9", "status": "affected"}, {"version": "X12.5.0", "status": "affected"}, {"version": "X12.5.2", "status": "affected"}, {"version": "X12.5.7", "status": "affected"}, {"version": "X12.5.3", "status": "affected"}, {"version": "X12.5.4", "status": "affected"}, {"version": "X12.5.5", "status": "affected"}, {"version": "X12.5.1", "status": "affected"}, {"version": "X12.5.6", "status": "affected"}, {"version": "X12.6.0", "status": "affected"}, {"version": "X12.6.1", "status": "affected"}, {"version": "X12.6.2", "status": "affected"}, {"version": "X12.6.3", "status": "affected"}, {"version": "X12.6.4", "status": "affected"}, {"version": "X12.7.0", "status": "affected"}, {"version": "X12.7.1", "status": "affected"}, {"version": "X8.11.1", "status": "affected"}, {"version": "X8.11.2", "status": "affected"}, {"version": "X8.11.4", "status": "affected"}, {"version": "X8.11.3", "status": "affected"}, {"version": "X8.11.0", "status": "affected"}, {"version": "X14.0.1", "status": "affected"}, {"version": "X14.0.3", "status": "affected"}, {"version": "X14.0.2", "status": "affected"}, {"version": "X14.0.4", "status": "affected"}, {"version": "X14.0.5", "status": "affected"}, {"version": "X14.0.6", "status": "affected"}, {"version": "X14.0.7", "status": "affected"}, {"version": "X14.0.8", "status": "affected"}, {"version": "X14.0.9", "status": "affected"}, {"version": "X14.0.10", "status": "affected"}, {"version": "X14.0.11", "status": "affected"}, {"version": "X14.2.1", "status": "affected"}, {"version": "X14.2.2", "status": "affected"}, {"version": "X14.2.5", "status": "affected"}, {"version": "X14.2.6", "status": "affected"}, {"version": "X14.2.0", "status": "affected"}, {"version": "X14.2.7", "status": "affected"}, {"version": "X14.3.0", "status": "affected"}, {"version": "X14.3.1", "status": "affected"}, {"version": "X14.3.2", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Cross-Site Request Forgery (CSRF)", "type": "cwe", "cweId": "CWE-352"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3", "name": "cisco-sa-expressway-csrf-KnnZDMj3"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "baseScore": 9.6, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "source": {"advisory": "cisco-sa-expressway-csrf-KnnZDMj3", "discovery": "INTERNAL", "defects": ["CSCwa25099"]}}, "adp": [{"affected": [{"vendor": "cisco", "product": "telepresence_video_communication_server_software", "cpes": ["cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.8.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.8.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.8.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.8:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.9.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.9.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.9:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.10.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.10.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.10.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.10.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.10.4:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.8:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.9:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.7:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.4:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.5:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.6:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.6.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.6.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.6.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.6.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.6.4:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.7.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.7.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.11.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.11.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.11.4:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.11.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.11.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.4:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.5:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.6:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.7:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.8:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.9:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.10:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.11:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.5:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.6:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.7:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.3.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.3.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.3.2:*:*:*:expressway:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "x8.5.1", "status": "affected"}, {"version": "x8.5.3", "status": "affected"}, {"version": "x8.5", "status": "affected"}, {"version": "x8.6.1", "status": "affected"}, {"version": "x8.6", "status": "affected"}, {"version": "x8.1.1", "status": "affected"}, {"version": "x8.1.2", "status": "affected"}, {"version": "x8.1", "status": "affected"}, {"version": "x8.2.1", "status": "affected"}, {"version": "x8.2.2", "status": "affected"}, {"version": "x8.2", "status": "affected"}, {"version": "x8.7.1", "status": "affected"}, {"version": "x8.7.2", "status": "affected"}, {"version": "x8.7.3", "status": "affected"}, {"version": "x8.7", "status": "affected"}, {"version": "x8.8.1", "status": "affected"}, {"version": "x8.8.2", "status": "affected"}, {"version": "x8.8.3", "status": "affected"}, {"version": "x8.8", "status": "affected"}, {"version": "x8.9.1", "status": "affected"}, {"version": "x8.9.2", "status": "affected"}, {"version": "x8.9", "status": "affected"}, {"version": "x8.10.0", "status": "affected"}, {"version": "x8.10.1", "status": "affected"}, {"version": "x8.10.2", "status": "affected"}, {"version": "x8.10.3", "status": "affected"}, {"version": "x8.10.4", "status": "affected"}, {"version": "x12.5.8", "status": "affected"}, {"version": "x12.5.9", "status": "affected"}, {"version": "x12.5.0", "status": "affected"}, {"version": "x12.5.2", "status": "affected"}, {"version": "x12.5.7", "status": "affected"}, {"version": "x12.5.3", "status": "affected"}, {"version": "x12.5.4", "status": "affected"}, {"version": "x12.5.5", "status": "affected"}, {"version": "x12.5.1", "status": "affected"}, {"version": "x12.5.6", "status": "affected"}, {"version": "x12.6.0", "status": "affected"}, {"version": "x12.6.1", "status": "affected"}, {"version": "x12.6.2", "status": "affected"}, {"version": "x12.6.3", "status": "affected"}, {"version": "x12.6.4", "status": "affected"}, {"version": "x12.7.0", "status": "affected"}, {"version": "x12.7.1", "status": "affected"}, {"version": "x8.11.1", "status": "affected"}, {"version": "x8.11.2", "status": "affected"}, {"version": "x8.11.4", "status": "affected"}, {"version": "x8.11.3", "status": "affected"}, {"version": "x8.11.0", "status": "affected"}, {"version": "x14.0.1", "status": "affected"}, {"version": "x14.0.3", "status": "affected"}, {"version": "x14.0.2", "status": "affected"}, {"version": "x14.0.4", "status": "affected"}, {"version": "x14.0.5", "status": "affected"}, {"version": "x14.0.6", "status": "affected"}, {"version": "x14.0.7", "status": "affected"}, {"version": "x14.0.8", "status": "affected"}, {"version": "x14.0.9", "status": "affected"}, {"version": "x14.0.10", "status": "affected"}, {"version": "x14.0.11", "status": "affected"}, {"version": "x14.2.1", "status": "affected"}, {"version": "x14.2.2", "status": "affected"}, {"version": "x14.2.5", "status": "affected"}, {"version": "x14.2.6", "status": "affected"}, {"version": "x14.2.0", "status": "affected"}, {"version": "x14.2.7", "status": "affected"}, {"version": "x14.3.0", "status": "affected"}, {"version": "x14.3.1", "status": "affected"}, {"version": "x14.3.2", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-08T05:00:09.985386Z", "id": "CVE-2024-20252", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T20:37:52.838Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:52:31.791Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3", "name": "cisco-sa-expressway-csrf-KnnZDMj3", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3", "name": "cisco-sa-expressway-csrf-KnnZDMj3", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:52:31.791Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-20252", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-08T05:00:09.985386Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.8.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.8.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.8.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.8:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.9.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.9.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.9:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.10.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.10.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.10.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.10.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.10.4:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.8:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.9:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.7:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.4:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.5:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.6:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.6.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.6.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.6.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.6.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.6.4:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.7.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.7.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.11.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.11.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.11.4:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.11.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.11.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.4:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.5:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.6:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.7:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.8:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.9:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.10:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.11:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.5:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.6:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.7:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.3.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.3.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.3.2:*:*:*:expressway:*:*:*"], "vendor": "cisco", "product": "telepresence_video_communication_server_software", "versions": [{"status": "affected", "version": "x8.5.1"}, {"status": "affected", "version": "x8.5.3"}, {"status": "affected", "version": "x8.5"}, {"status": "affected", "version": "x8.6.1"}, {"status": "affected", "version": "x8.6"}, {"status": "affected", "version": "x8.1.1"}, {"status": "affected", "version": "x8.1.2"}, {"status": "affected", "version": "x8.1"}, {"status": "affected", "version": "x8.2.1"}, {"status": "affected", "version": "x8.2.2"}, {"status": "affected", "version": "x8.2"}, {"status": "affected", "version": "x8.7.1"}, {"status": "affected", "version": "x8.7.2"}, {"status": "affected", "version": "x8.7.3"}, {"status": "affected", "version": "x8.7"}, {"status": "affected", "version": "x8.8.1"}, {"status": "affected", "version": "x8.8.2"}, {"status": "affected", "version": "x8.8.3"}, {"status": "affected", "version": "x8.8"}, {"status": "affected", "version": "x8.9.1"}, {"status": "affected", "version": "x8.9.2"}, {"status": "affected", "version": "x8.9"}, {"status": "affected", "version": "x8.10.0"}, {"status": "affected", "version": "x8.10.1"}, {"status": "affected", "version": "x8.10.2"}, {"status": "affected", "version": "x8.10.3"}, {"status": "affected", "version": "x8.10.4"}, {"status": "affected", "version": "x12.5.8"}, {"status": "affected", "version": "x12.5.9"}, {"status": "affected", "version": "x12.5.0"}, {"status": "affected", "version": "x12.5.2"}, {"status": "affected", "version": "x12.5.7"}, {"status": "affected", "version": "x12.5.3"}, {"status": "affected", "version": "x12.5.4"}, {"status": "affected", "version": "x12.5.5"}, {"status": "affected", "version": "x12.5.1"}, {"status": "affected", "version": "x12.5.6"}, {"status": "affected", "version": "x12.6.0"}, {"status": "affected", "version": "x12.6.1"}, {"status": "affected", "version": "x12.6.2"}, {"status": "affected", "version": "x12.6.3"}, {"status": "affected", "version": "x12.6.4"}, {"status": "affected", "version": "x12.7.0"}, {"status": "affected", "version": "x12.7.1"}, {"status": "affected", "version": "x8.11.1"}, {"status": "affected", "version": "x8.11.2"}, {"status": "affected", "version": "x8.11.4"}, {"status": "affected", "version": "x8.11.3"}, {"status": "affected", "version": "x8.11.0"}, {"status": "affected", "version": "x14.0.1"}, {"status": "affected", "version": "x14.0.3"}, {"status": "affected", "version": "x14.0.2"}, {"status": "affected", "version": "x14.0.4"}, {"status": "affected", "version": "x14.0.5"}, {"status": "affected", "version": "x14.0.6"}, {"status": "affected", "version": "x14.0.7"}, {"status": "affected", "version": "x14.0.8"}, {"status": "affected", "version": "x14.0.9"}, {"status": "affected", "version": "x14.0.10"}, {"status": "affected", "version": "x14.0.11"}, {"status": "affected", "version": "x14.2.1"}, {"status": "affected", "version": "x14.2.2"}, {"status": "affected", "version": "x14.2.5"}, {"status": "affected", "version": "x14.2.6"}, {"status": "affected", "version": "x14.2.0"}, {"status": "affected", "version": "x14.2.7"}, {"status": "affected", "version": "x14.3.0"}, {"status": "affected", "version": "x14.3.1"}, {"status": "affected", "version": "x14.3.2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T20:08:53.491Z"}}], "cna": {"source": {"defects": ["CSCwa25099"], "advisory": "cisco-sa-expressway-csrf-KnnZDMj3", "discovery": "INTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco TelePresence Video Communication Server (VCS) Expressway", "versions": [{"status": "affected", "version": "X8.5.1"}, {"status": "affected", "version": "X8.5.3"}, {"status": "affected", "version": "X8.5"}, {"status": "affected", "version": "X8.6.1"}, {"status": "affected", "version": "X8.6"}, {"status": "affected", "version": "X8.1.1"}, {"status": "affected", "version": "X8.1.2"}, {"status": "affected", "version": "X8.1"}, {"status": "affected", "version": "X8.2.1"}, {"status": "affected", "version": "X8.2.2"}, {"status": "affected", "version": "X8.2"}, {"status": "affected", "version": "X8.7.1"}, {"status": "affected", "version": "X8.7.2"}, {"status": "affected", "version": "X8.7.3"}, {"status": "affected", "version": "X8.7"}, {"status": "affected", "version": "X8.8.1"}, {"status": "affected", "version": "X8.8.2"}, {"status": "affected", "version": "X8.8.3"}, {"status": "affected", "version": "X8.8"}, {"status": "affected", "version": "X8.9.1"}, {"status": "affected", "version": "X8.9.2"}, {"status": "affected", "version": "X8.9"}, {"status": "affected", "version": "X8.10.0"}, {"status": "affected", "version": "X8.10.1"}, {"status": "affected", "version": "X8.10.2"}, {"status": "affected", "version": "X8.10.3"}, {"status": "affected", "version": "X8.10.4"}, {"status": "affected", "version": "X12.5.8"}, {"status": "affected", "version": "X12.5.9"}, {"status": "affected", "version": "X12.5.0"}, {"status": "affected", "version": "X12.5.2"}, {"status": "affected", "version": "X12.5.7"}, {"status": "affected", "version": "X12.5.3"}, {"status": "affected", "version": "X12.5.4"}, {"status": "affected", "version": "X12.5.5"}, {"status": "affected", "version": "X12.5.1"}, {"status": "affected", "version": "X12.5.6"}, {"status": "affected", "version": "X12.6.0"}, {"status": "affected", "version": "X12.6.1"}, {"status": "affected", "version": "X12.6.2"}, {"status": "affected", "version": "X12.6.3"}, {"status": "affected", "version": "X12.6.4"}, {"status": "affected", "version": "X12.7.0"}, {"status": "affected", "version": "X12.7.1"}, {"status": "affected", "version": "X8.11.1"}, {"status": "affected", "version": "X8.11.2"}, {"status": "affected", "version": "X8.11.4"}, {"status": "affected", "version": "X8.11.3"}, {"status": "affected", "version": "X8.11.0"}, {"status": "affected", "version": "X14.0.1"}, {"status": "affected", "version": "X14.0.3"}, {"status": "affected", "version": "X14.0.2"}, {"status": "affected", "version": "X14.0.4"}, {"status": "affected", "version": "X14.0.5"}, {"status": "affected", "version": "X14.0.6"}, {"status": "affected", "version": "X14.0.7"}, {"status": "affected", "version": "X14.0.8"}, {"status": "affected", "version": "X14.0.9"}, {"status": "affected", "version": "X14.0.10"}, {"status": "affected", "version": "X14.0.11"}, {"status": "affected", "version": "X14.2.1"}, {"status": "affected", "version": "X14.2.2"}, {"status": "affected", "version": "X14.2.5"}, {"status": "affected", "version": "X14.2.6"}, {"status": "affected", "version": "X14.2.0"}, {"status": "affected", "version": "X14.2.7"}, {"status": "affected", "version": "X14.3.0"}, {"status": "affected", "version": "X14.3.1"}, {"status": "affected", "version": "X14.3.2"}]}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3", "name": "cisco-sa-expressway-csrf-KnnZDMj3"}], "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. \r\n\r Note: \"Cisco Expressway Series\" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.\r\n\r For more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-352", "description": "Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-02-07T16:15:06.066Z"}}}, "cveMetadata": {"cveId": "CVE-2024-20252", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:52:31.791Z", "dateReserved": "2023-11-08T15:08:07.622Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2024-02-07T16:15:06.066Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A7F785F-B9AD-4036-B752-61CB9F69B16C", "versionEndIncluding": "15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. \r\n\r Note: \"Cisco Expressway Series\" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.\r\n\r For more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades en Cisco Expressway Series y Cisco TelePresence Video Communication Server (VCS) podr\u00edan permitir que un atacante remoto no autenticado realice ataques de cross-site request forgery (CSRF) que realicen acciones arbitrarias en un dispositivo afectado. Nota: \"Serie Cisco Expressway\" se refiere a los dispositivos Cisco Expressway Control (Expressway-C) y Cisco Expressway Edge (Expressway-E). Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles [\"#details\"] de este aviso."}], "id": "CVE-2024-20252", "lastModified": "2024-11-21T08:52:06.800", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-07T17:15:09.913", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object