Vulnerability-Lookup

BDU:2024-01084

Vulnerability from fstec - Published: 07.02.2024

Title

Уязвимость прикладного программного интерфейса устройств управления конференц-связью Cisco Expressway Series и Cisco Telepresence VCS, позволяющая нарушителю выполнять произвольные команды

Description

Уязвимость прикладного программного интерфейса устройств управления конференц-связью Cisco Expressway Series и Cisco Telepresence VCS связана с подделкой межсайтовых запросов. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнять произвольные команды путём перехода пользователя прикладного программного интерфейса по специально сформированной ссылке

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Vendor

Cisco Systems Inc.

Software Name

TelePresence Video Communication Server, Cisco Expressway

Software Version

- (TelePresence Video Communication Server), до 14.3.4 (Cisco Expressway), от 15.0 до 15.0.0 (Cisco Expressway)

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - отключение функции прикладного программного интерфейса (API) кластерной базы данных (CDB); - использование средств межсетевого экранирования уровня веб-приложений для ограничения возможности удалённого доступа; - использование виртуальных частных сетей для организации удаленного доступа (VPN). Использование рекомендаций производителя: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3

CWE

CWE-352

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (TelePresence Video Communication Server), \u0434\u043e 14.3.4 (Cisco Expressway), \u043e\u0442 15.0 \u0434\u043e 15.0.0 (Cisco Expressway)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 (API) \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u043d\u043e\u0439 \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445 (CDB);\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u0440\u043e\u0432\u043d\u044f \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN).\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "07.02.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "09.02.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "09.02.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-01084",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-20252",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "TelePresence Video Communication Server, Cisco Expressway",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0435\u0440\u0435\u043d\u0446-\u0441\u0432\u044f\u0437\u044c\u044e Cisco Expressway Series \u0438 Cisco Telepresence VCS, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0444\u0430\u043b\u044c\u0441\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 (CWE-352)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0435\u0440\u0435\u043d\u0446-\u0441\u0432\u044f\u0437\u044c\u044e Cisco Expressway Series \u0438 Cisco Telepresence VCS \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u043e\u0439 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043f\u0443\u0442\u0451\u043c \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043f\u043e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0441\u044b\u043b\u043a\u0435",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-352",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,6)"
}

CVE-2024-20252 (GCVE-0-2024-20252)

Vulnerability from cvelistv5 – Published: 2024-02-07 16:15 – Updated: 2024-08-01 21:52

Summary

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.

Severity ?

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)

Assigner

cisco

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

	Vendor	Product	Version
	Cisco	Cisco TelePresence Video Communication Server (VCS) Expressway	Affected: X8.5.1 Affected: X8.5.3 Affected: X8.5 Affected: X8.6.1 Affected: X8.6 Affected: X8.1.1 Affected: X8.1.2 Affected: X8.1 Affected: X8.2.1 Affected: X8.2.2 Affected: X8.2 Affected: X8.7.1 Affected: X8.7.2 Affected: X8.7.3 Affected: X8.7 Affected: X8.8.1 Affected: X8.8.2 Affected: X8.8.3 Affected: X8.8 Affected: X8.9.1 Affected: X8.9.2 Affected: X8.9 Affected: X8.10.0 Affected: X8.10.1 Affected: X8.10.2 Affected: X8.10.3 Affected: X8.10.4 Affected: X12.5.8 Affected: X12.5.9 Affected: X12.5.0 Affected: X12.5.2 Affected: X12.5.7 Affected: X12.5.3 Affected: X12.5.4 Affected: X12.5.5 Affected: X12.5.1 Affected: X12.5.6 Affected: X12.6.0 Affected: X12.6.1 Affected: X12.6.2 Affected: X12.6.3 Affected: X12.6.4 Affected: X12.7.0 Affected: X12.7.1 Affected: X8.11.1 Affected: X8.11.2 Affected: X8.11.4 Affected: X8.11.3 Affected: X8.11.0 Affected: X14.0.1 Affected: X14.0.3 Affected: X14.0.2 Affected: X14.0.4 Affected: X14.0.5 Affected: X14.0.6 Affected: X14.0.7 Affected: X14.0.8 Affected: X14.0.9 Affected: X14.0.10 Affected: X14.0.11 Affected: X14.2.1 Affected: X14.2.2 Affected: X14.2.5 Affected: X14.2.6 Affected: X14.2.0 Affected: X14.2.7 Affected: X14.3.0 Affected: X14.3.1 Affected: X14.3.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.1:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.3:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6.1:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.1:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.2:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.1:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.2:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7.1:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7.2:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7.3:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.8.1:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.8.2:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.8.3:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.8:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.9.1:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.9.2:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.9:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.10.0:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.10.1:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.10.2:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.10.3:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.10.4:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.8:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.9:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.0:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.2:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.7:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.3:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.4:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.5:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.1:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.6:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.6.0:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.6.1:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.6.2:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.6.3:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.6.4:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.7.0:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.7.1:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.11.1:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.11.2:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.11.4:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.11.3:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.11.0:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.1:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.3:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.2:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.4:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.5:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.6:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.7:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.8:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.9:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.10:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.11:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.1:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.2:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.5:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.6:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.0:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.7:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.3.0:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.3.1:*:*:*:expressway:*:*:*",
              "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.3.2:*:*:*:expressway:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "telepresence_video_communication_server_software",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "x8.5.1"
              },
              {
                "status": "affected",
                "version": "x8.5.3"
              },
              {
                "status": "affected",
                "version": "x8.5"
              },
              {
                "status": "affected",
                "version": "x8.6.1"
              },
              {
                "status": "affected",
                "version": "x8.6"
              },
              {
                "status": "affected",
                "version": "x8.1.1"
              },
              {
                "status": "affected",
                "version": "x8.1.2"
              },
              {
                "status": "affected",
                "version": "x8.1"
              },
              {
                "status": "affected",
                "version": "x8.2.1"
              },
              {
                "status": "affected",
                "version": "x8.2.2"
              },
              {
                "status": "affected",
                "version": "x8.2"
              },
              {
                "status": "affected",
                "version": "x8.7.1"
              },
              {
                "status": "affected",
                "version": "x8.7.2"
              },
              {
                "status": "affected",
                "version": "x8.7.3"
              },
              {
                "status": "affected",
                "version": "x8.7"
              },
              {
                "status": "affected",
                "version": "x8.8.1"
              },
              {
                "status": "affected",
                "version": "x8.8.2"
              },
              {
                "status": "affected",
                "version": "x8.8.3"
              },
              {
                "status": "affected",
                "version": "x8.8"
              },
              {
                "status": "affected",
                "version": "x8.9.1"
              },
              {
                "status": "affected",
                "version": "x8.9.2"
              },
              {
                "status": "affected",
                "version": "x8.9"
              },
              {
                "status": "affected",
                "version": "x8.10.0"
              },
              {
                "status": "affected",
                "version": "x8.10.1"
              },
              {
                "status": "affected",
                "version": "x8.10.2"
              },
              {
                "status": "affected",
                "version": "x8.10.3"
              },
              {
                "status": "affected",
                "version": "x8.10.4"
              },
              {
                "status": "affected",
                "version": "x12.5.8"
              },
              {
                "status": "affected",
                "version": "x12.5.9"
              },
              {
                "status": "affected",
                "version": "x12.5.0"
              },
              {
                "status": "affected",
                "version": "x12.5.2"
              },
              {
                "status": "affected",
                "version": "x12.5.7"
              },
              {
                "status": "affected",
                "version": "x12.5.3"
              },
              {
                "status": "affected",
                "version": "x12.5.4"
              },
              {
                "status": "affected",
                "version": "x12.5.5"
              },
              {
                "status": "affected",
                "version": "x12.5.1"
              },
              {
                "status": "affected",
                "version": "x12.5.6"
              },
              {
                "status": "affected",
                "version": "x12.6.0"
              },
              {
                "status": "affected",
                "version": "x12.6.1"
              },
              {
                "status": "affected",
                "version": "x12.6.2"
              },
              {
                "status": "affected",
                "version": "x12.6.3"
              },
              {
                "status": "affected",
                "version": "x12.6.4"
              },
              {
                "status": "affected",
                "version": "x12.7.0"
              },
              {
                "status": "affected",
                "version": "x12.7.1"
              },
              {
                "status": "affected",
                "version": "x8.11.1"
              },
              {
                "status": "affected",
                "version": "x8.11.2"
              },
              {
                "status": "affected",
                "version": "x8.11.4"
              },
              {
                "status": "affected",
                "version": "x8.11.3"
              },
              {
                "status": "affected",
                "version": "x8.11.0"
              },
              {
                "status": "affected",
                "version": "x14.0.1"
              },
              {
                "status": "affected",
                "version": "x14.0.3"
              },
              {
                "status": "affected",
                "version": "x14.0.2"
              },
              {
                "status": "affected",
                "version": "x14.0.4"
              },
              {
                "status": "affected",
                "version": "x14.0.5"
              },
              {
                "status": "affected",
                "version": "x14.0.6"
              },
              {
                "status": "affected",
                "version": "x14.0.7"
              },
              {
                "status": "affected",
                "version": "x14.0.8"
              },
              {
                "status": "affected",
                "version": "x14.0.9"
              },
              {
                "status": "affected",
                "version": "x14.0.10"
              },
              {
                "status": "affected",
                "version": "x14.0.11"
              },
              {
                "status": "affected",
                "version": "x14.2.1"
              },
              {
                "status": "affected",
                "version": "x14.2.2"
              },
              {
                "status": "affected",
                "version": "x14.2.5"
              },
              {
                "status": "affected",
                "version": "x14.2.6"
              },
              {
                "status": "affected",
                "version": "x14.2.0"
              },
              {
                "status": "affected",
                "version": "x14.2.7"
              },
              {
                "status": "affected",
                "version": "x14.3.0"
              },
              {
                "status": "affected",
                "version": "x14.3.1"
              },
              {
                "status": "affected",
                "version": "x14.3.2"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20252",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-08T05:00:09.985386Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-29T20:37:52.838Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:52:31.791Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-expressway-csrf-KnnZDMj3",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco TelePresence Video Communication Server (VCS) Expressway",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "X8.5.1"
            },
            {
              "status": "affected",
              "version": "X8.5.3"
            },
            {
              "status": "affected",
              "version": "X8.5"
            },
            {
              "status": "affected",
              "version": "X8.6.1"
            },
            {
              "status": "affected",
              "version": "X8.6"
            },
            {
              "status": "affected",
              "version": "X8.1.1"
            },
            {
              "status": "affected",
              "version": "X8.1.2"
            },
            {
              "status": "affected",
              "version": "X8.1"
            },
            {
              "status": "affected",
              "version": "X8.2.1"
            },
            {
              "status": "affected",
              "version": "X8.2.2"
            },
            {
              "status": "affected",
              "version": "X8.2"
            },
            {
              "status": "affected",
              "version": "X8.7.1"
            },
            {
              "status": "affected",
              "version": "X8.7.2"
            },
            {
              "status": "affected",
              "version": "X8.7.3"
            },
            {
              "status": "affected",
              "version": "X8.7"
            },
            {
              "status": "affected",
              "version": "X8.8.1"
            },
            {
              "status": "affected",
              "version": "X8.8.2"
            },
            {
              "status": "affected",
              "version": "X8.8.3"
            },
            {
              "status": "affected",
              "version": "X8.8"
            },
            {
              "status": "affected",
              "version": "X8.9.1"
            },
            {
              "status": "affected",
              "version": "X8.9.2"
            },
            {
              "status": "affected",
              "version": "X8.9"
            },
            {
              "status": "affected",
              "version": "X8.10.0"
            },
            {
              "status": "affected",
              "version": "X8.10.1"
            },
            {
              "status": "affected",
              "version": "X8.10.2"
            },
            {
              "status": "affected",
              "version": "X8.10.3"
            },
            {
              "status": "affected",
              "version": "X8.10.4"
            },
            {
              "status": "affected",
              "version": "X12.5.8"
            },
            {
              "status": "affected",
              "version": "X12.5.9"
            },
            {
              "status": "affected",
              "version": "X12.5.0"
            },
            {
              "status": "affected",
              "version": "X12.5.2"
            },
            {
              "status": "affected",
              "version": "X12.5.7"
            },
            {
              "status": "affected",
              "version": "X12.5.3"
            },
            {
              "status": "affected",
              "version": "X12.5.4"
            },
            {
              "status": "affected",
              "version": "X12.5.5"
            },
            {
              "status": "affected",
              "version": "X12.5.1"
            },
            {
              "status": "affected",
              "version": "X12.5.6"
            },
            {
              "status": "affected",
              "version": "X12.6.0"
            },
            {
              "status": "affected",
              "version": "X12.6.1"
            },
            {
              "status": "affected",
              "version": "X12.6.2"
            },
            {
              "status": "affected",
              "version": "X12.6.3"
            },
            {
              "status": "affected",
              "version": "X12.6.4"
            },
            {
              "status": "affected",
              "version": "X12.7.0"
            },
            {
              "status": "affected",
              "version": "X12.7.1"
            },
            {
              "status": "affected",
              "version": "X8.11.1"
            },
            {
              "status": "affected",
              "version": "X8.11.2"
            },
            {
              "status": "affected",
              "version": "X8.11.4"
            },
            {
              "status": "affected",
              "version": "X8.11.3"
            },
            {
              "status": "affected",
              "version": "X8.11.0"
            },
            {
              "status": "affected",
              "version": "X14.0.1"
            },
            {
              "status": "affected",
              "version": "X14.0.3"
            },
            {
              "status": "affected",
              "version": "X14.0.2"
            },
            {
              "status": "affected",
              "version": "X14.0.4"
            },
            {
              "status": "affected",
              "version": "X14.0.5"
            },
            {
              "status": "affected",
              "version": "X14.0.6"
            },
            {
              "status": "affected",
              "version": "X14.0.7"
            },
            {
              "status": "affected",
              "version": "X14.0.8"
            },
            {
              "status": "affected",
              "version": "X14.0.9"
            },
            {
              "status": "affected",
              "version": "X14.0.10"
            },
            {
              "status": "affected",
              "version": "X14.0.11"
            },
            {
              "status": "affected",
              "version": "X14.2.1"
            },
            {
              "status": "affected",
              "version": "X14.2.2"
            },
            {
              "status": "affected",
              "version": "X14.2.5"
            },
            {
              "status": "affected",
              "version": "X14.2.6"
            },
            {
              "status": "affected",
              "version": "X14.2.0"
            },
            {
              "status": "affected",
              "version": "X14.2.7"
            },
            {
              "status": "affected",
              "version": "X14.3.0"
            },
            {
              "status": "affected",
              "version": "X14.3.1"
            },
            {
              "status": "affected",
              "version": "X14.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. \r\n\r Note: \"Cisco Expressway Series\" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.\r\n\r For more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-07T16:15:06.066Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-expressway-csrf-KnnZDMj3",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3"
        }
      ],
      "source": {
        "advisory": "cisco-sa-expressway-csrf-KnnZDMj3",
        "defects": [
          "CSCwa25099"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20252",
    "datePublished": "2024-02-07T16:15:06.066Z",
    "dateReserved": "2023-11-08T15:08:07.622Z",
    "dateUpdated": "2024-08-01T21:52:31.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2024-01084

CVE-2024-20252 (GCVE-0-2024-20252)

Tags

Sightings

Nomenclature