Platform
cisco
Component
cisco-telepresence-video-communication-server-vcs-expressway
Fixed in
8.5.2
8.5.4
8.5.1
8.6.2
8.6.1
8.1.2
8.1.3
8.1.1
8.2.2
8.2.3
8.2.1
8.7.2
8.7.3
8.7.4
8.7.1
8.8.2
8.8.3
8.8.4
8.8.1
8.9.2
8.9.3
8.9.1
8.10.1
8.10.2
8.10.3
8.10.4
8.10.5
12.5.9
12.5.10
12.5.1
12.5.3
12.5.8
12.5.4
12.5.5
12.5.6
12.5.2
12.5.7
12.6.1
12.6.2
12.6.3
12.6.4
12.6.5
12.7.1
12.7.2
8.11.2
8.11.3
8.11.5
8.11.4
8.11.1
14.0.2
14.0.4
14.0.3
14.0.5
14.0.6
14.0.7
14.0.8
14.0.9
14.0.10
14.0.11
14.0.12
14.2.2
14.2.3
14.2.6
14.2.7
14.2.1
14.2.8
14.3.1
14.3.2
14.3.3
CVE-2024-20252 describes a cross-site request forgery (CSRF) vulnerability affecting Cisco TelePresence Video Communication Server (VCS) Expressway devices. This vulnerability allows an unauthenticated, remote attacker to execute arbitrary actions on the affected system, potentially leading to unauthorized configuration changes or data breaches. The vulnerability impacts Expressway Control (Expressway-C) and Expressway Edge (Expressway-E) devices running versions X8.1 through X14.3.2. Cisco has released a patch in version 14.3.3.
The CSRF vulnerability allows an attacker to trick a legitimate user into unknowingly performing actions on the Expressway device. This could involve modifying system configurations, adding or removing users, or even initiating video calls. Because the vulnerability is unauthenticated, an attacker does not need valid credentials to exploit it. The potential impact is significant, as a successful attack could grant an attacker complete control over the Expressway device, potentially compromising the entire video conferencing infrastructure. This is particularly concerning in environments where Expressway devices manage critical video conferencing services for sensitive communications.
This vulnerability is considered critical due to its ease of exploitation and potential impact. While no public exploits have been widely reported, the unauthenticated nature of the vulnerability makes it a high-priority target. It has been added to the CISA KEV catalog, indicating a significant risk to federal agencies. Monitor security advisories and threat intelligence feeds for any signs of active exploitation.
Organizations heavily reliant on Cisco TelePresence VCS Expressway for video conferencing, particularly those with legacy configurations or shared hosting environments, are at significant risk. Environments with limited security controls or infrequent patching cycles are also particularly vulnerable. Companies using Expressway devices to manage video conferencing for sensitive data or communications should prioritize remediation.
• cisco: Use Cisco's security advisory to identify affected devices.
• linux / server: Monitor Expressway device logs (typically located in /var/log/expressway/) for unusual HTTP requests or POST requests to administrative interfaces. Use grep to search for patterns indicative of CSRF attacks, such as requests originating from unexpected sources or containing suspicious parameters.
• generic web: Use curl to test for CSRF vulnerabilities on sensitive administrative endpoints. Attempt to trigger actions without proper authentication to see if the device responds as if the request originated from an authenticated user.
curl -v -X POST -d 'param1=value1&param2=value2' https://expressway.example.com/admin/sensitive_action
disclosure
patch
kev
Exploit status
EPSS
3.38% (87th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-20252 is to upgrade to Cisco TelePresence VCS Expressway version 14.3.3 or later. If immediate upgrade is not possible, consider implementing temporary workarounds such as restricting access to sensitive administrative interfaces or implementing stricter authentication controls. Web Application Firewalls (WAFs) configured with appropriate CSRF protection rules can also help mitigate the risk, although this is not a substitute for patching. Monitor Expressway device logs for suspicious activity, particularly unexpected configuration changes or unauthorized user actions. Review and tighten access controls to minimize the potential impact of a successful CSRF attack.
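One way to carry out the log review recommended above (an added example, not code from this page or from Cisco): it scans constructed web-server-style log lines for state-changing requests to administrative paths whose Referer is missing or belongs to another origin, the two shapes a CSRF-driven request typically takes. The management hostname, the admin path prefixes and the combined-log layout are assumptions to adapt to your own device.

```python
import re
from urllib.parse import urlsplit

DEVICE_HOST = "expressway.example.com"        # assumed management hostname
ADMIN_PREFIXES = ("/admin/", "/api/")          # assumed state-changing paths
STATE_CHANGING = {"POST", "PUT", "DELETE"}
# Assumed Apache/nginx "combined" layout with a Referer field; the real
# Expressway log format may differ, so adapt this pattern to your device.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def referer_host(referer: str) -> str:
    """Host part of a Referer value, lower-cased; '' when absent or unparseable."""
    if not referer or referer == "-":
        return ""
    return (urlsplit(referer).hostname or "").lower()

def classify(line: str):
    """(reason, fields) for a state-changing admin request with a missing or foreign Referer, else None."""
    if not (m := LOG_RE.match(line)):
        return None
    f = m.groupdict()
    if f["method"] not in STATE_CHANGING or not f["path"].startswith(ADMIN_PREFIXES):
        return None
    host = referer_host(f["referer"])
    if host == "":
        return ("no-referer", f)       # stripped by referrer policy, or a non-browser client
    if host != DEVICE_HOST:
        return ("foreign-referer", f)  # the request was initiated from a different site
    return None

def find_suspects(lines):
    """Scan log lines; return (reason, source IP, path, referer) for each suspect."""
    hits = []
    for line in lines:
        r = classify(line)
        if r:
            hits.append((r[0], r[1]["src"], r[1]["path"], r[1]["referer"]))
    return hits

# Constructed sample lines for illustration, not real Expressway log output.
SAMPLE_LOG = [
    '10.0.0.5 - admin [07/Feb/2024:10:00:01 +0000] "GET /admin/status HTTP/1.1" 200 512 "https://expressway.example.com/admin/" "Mozilla/5.0"',
    '10.0.0.5 - admin [07/Feb/2024:10:00:07 +0000] "POST /admin/users/add HTTP/1.1" 302 0 "https://expressway.example.com/admin/users" "Mozilla/5.0"',
    '10.0.0.5 - admin [07/Feb/2024:10:01:15 +0000] "POST /admin/users/add HTTP/1.1" 302 0 "https://intranet-news.example.net/article" "Mozilla/5.0"',
    '203.0.113.9 - - [07/Feb/2024:10:02:40 +0000] "POST /admin/config/save HTTP/1.1" 200 88 "-" "curl/8.4.0"',
]
```

A missing Referer is only a weak signal, since browsers strip it under some referrer policies, so treat "no-referer" hits as lower confidence than "foreign-referer" ones and correlate them with unexpected configuration changes on the device.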
Update Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) to a version that is not affected by these vulnerabilities. Consult Cisco's security advisory for details on the fixed versions. Apply the security updates as soon as possible to mitigate the risk of CSRF attacks.
CVE-2024-20252 is a critical CSRF vulnerability affecting Cisco TelePresence VCS Expressway devices, allowing unauthenticated attackers to perform actions as a legitimate user.
If you are running Cisco TelePresence VCS Expressway versions X8.1–X14.3.2, you are potentially affected by this vulnerability.
Upgrade to Cisco TelePresence VCS Expressway version 14.3.3 or later to remediate the vulnerability. Consider temporary workarounds if immediate patching is not possible.
While no widespread exploitation has been confirmed, the unauthenticated nature of the vulnerability makes it a high-priority target and it's on the CISA KEV catalog.
Refer to the official Cisco Security Advisory for detailed information and mitigation steps: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-20240207