Platform: cisco
Component: cisco-telepresence-video-communication-server-vcs-expressway
Fixed in: 8.5.2, 8.5.4, 8.5.1, 8.6.2, 8.6.1, 8.1.2, 8.1.3, 8.1.1, 8.2.2, 8.2.3, 8.2.1, 8.7.2, 8.7.3, 8.7.4, 8.7.1, 8.8.2, 8.8.3, 8.8.4, 8.8.1, 8.9.2, 8.9.3, 8.9.1, 8.10.1, 8.10.2, 8.10.3, 8.10.4, 8.10.5, 12.5.9, 12.5.10, 12.5.1, 12.5.3, 12.5.8, 12.5.4, 12.5.5, 12.5.6, 12.5.2, 12.5.7, 12.6.1, 12.6.2, 12.6.3, 12.6.4, 12.6.5, 12.7.1, 12.7.2, 8.11.2, 8.11.3, 8.11.5, 8.11.4, 8.11.1, 14.0.2, 14.0.4, 14.0.3, 14.0.5, 14.0.6, 14.0.7, 14.0.8, 14.0.9, 14.0.10, 14.0.11, 14.0.12, 14.2.2, 14.2.3, 14.2.6, 14.2.7, 14.2.1, 14.2.8, 14.3.1, 14.3.2, 14.3.3
CVE-2024-20254 describes a cross-site request forgery (CSRF) vulnerability present in Cisco TelePresence Video Communication Server (VCS) Expressway devices. This vulnerability allows an unauthenticated, remote attacker to execute arbitrary actions on an affected device, potentially leading to unauthorized configuration changes or data breaches. The vulnerability impacts Expressway Control (Expressway-C) and Expressway Edge (Expressway-E) devices running versions X8.1 through X14.3.2. A fix is available in version 14.3.3.
The CSRF vulnerability allows an attacker to trick a legitimate user into unknowingly performing actions on the Expressway device. For example, an attacker could craft a malicious link that, when clicked by an authenticated user, modifies system settings, adds or removes users, or initiates unauthorized video conferences. The impact is particularly severe because the vulnerability is unauthenticated, meaning an attacker doesn't need valid credentials to exploit it. Successful exploitation could lead to complete compromise of the Expressway device and potentially provide a foothold into the broader network it serves, enabling lateral movement and data exfiltration. This vulnerability shares similarities with other CSRF attacks, where user interaction is leveraged to execute malicious commands.
CVE-2024-20254 was publicly disclosed on February 7, 2024. The CVSS score of 9.6 (CRITICAL) indicates a high probability of exploitation. While no public proof-of-concept (POC) code has been released as of this writing, the unauthenticated nature of the vulnerability and its critical severity suggest that it is likely to be targeted by attackers. Monitor security advisories and threat intelligence feeds for any signs of active exploitation.
Organizations heavily reliant on Cisco TelePresence for video conferencing and collaboration are at significant risk. Specifically, deployments with older Expressway versions (X8.1–X14.3.2) and those lacking robust network segmentation or WAF protection are particularly vulnerable. Shared hosting environments utilizing Cisco Expressway may also be at increased risk due to potential cross-tenant vulnerabilities.
• linux / server:
  journalctl -u expressway | grep -i "csrf"
• cisco:
  show running-config | grep -i "csrf"
• generic web:
  curl -I <expressway_url> | grep -i "x-frame-options"
• generic web:
  Check response headers for missing or weak X-Frame-Options and Content-Security-Policy headers.
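The version-range and response-header checks above as a small offline script. This is an added example, not code from the original page or from Cisco; the version strings and response headers are constructed samples, and the header audit flags general anti-framing and cookie hardening gaps rather than detecting this specific CVE.

```python
import re
from typing import Dict, List, Tuple

# Affected range stated on this page: X8.1 through X14.3.2, fixed in 14.3.3.
# Versions are compared as integer tuples, so "X12.5.7" -> (12, 5, 7).
FIRST_AFFECTED = (8, 1)
FIRST_FIXED = (14, 3, 3)


def parse_version(text: str) -> Tuple[int, ...]:
    """Accept 'X12.5.7' or '12.5.7' (the leading X is optional)."""
    m = re.fullmatch(r"[Xx]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Expressway version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(text: str) -> bool:
    """True when the version lies in the X8.1 .. X14.3.2 affected range."""
    return FIRST_AFFECTED <= parse_version(text) < FIRST_FIXED


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return hardening findings for one HTTP response (header names are
    matched case-insensitively; a single Set-Cookie value is assumed)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if h.get("x-frame-options", "").strip().upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options missing or weak")
    if "frame-ancestors" not in h.get("content-security-policy", "").lower():
        findings.append("Content-Security-Policy lacks frame-ancestors")
    if "samesite=" not in h.get("set-cookie", "").lower():
        findings.append("session cookie sets no SameSite attribute")
    return findings


# Constructed sample responses (not captured from a real device).
WEAK_HEADERS = {
    "Server": "nginx",
    "Set-Cookie": "session=abc123; Path=/; Secure; HttpOnly",
}
HARDENED_HEADERS = {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
    "Set-Cookie": "session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
}

if __name__ == "__main__":
    for v in ("X8.1", "X12.5.7", "14.3.2", "14.3.3"):
        print(v, "affected" if is_affected(v) else "not affected")
    print("weak:", audit_headers(WEAK_HEADERS))
    print("hardened:", audit_headers(HARDENED_HEADERS))
```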
disclosure
Exploit status
EPSS: 2.33% (85th percentile)
CVSS vector
The primary mitigation for CVE-2024-20254 is to upgrade to Cisco Expressway version 14.3.3 or later. If immediate upgrading is not possible, consider implementing temporary workarounds. These may include restricting access to the Expressway management interface to trusted networks, implementing strict input validation on all user-supplied data, and utilizing a Web Application Firewall (WAF) to filter out malicious requests. Configure the WAF to block requests containing suspicious parameters or patterns commonly associated with CSRF attacks. Regularly review Expressway device logs for any unusual activity or unauthorized modifications.
Update Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) to an unaffected version. See the Cisco advisory for details on the fixed versions. Apply the security updates provided by Cisco as soon as possible.
CVE-2024-20254 is a critical CSRF vulnerability affecting Cisco TelePresence Expressway devices (versions X8.1–X14.3.2) allowing unauthenticated attackers to perform arbitrary actions.
If you are running Cisco TelePresence Expressway versions X8.1 through X14.3.2, you are potentially affected by this vulnerability. Upgrade to version 14.3.3 or later to mitigate the risk.
The recommended fix is to upgrade to Cisco Expressway version 14.3.3 or later. As a temporary workaround, implement WAF rules and restrict access to the management interface.
While no public exploits are currently known, the vulnerability's critical severity and unauthenticated nature suggest it is likely to be targeted. Monitor for signs of exploitation.
Refer to the official Cisco Security Advisory for detailed information and mitigation steps: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-multiple-vulnerabilities