Platform
cisco
Component
cisco-telepresence-video-communication-server-vcs-expressway
Fixed in
8.5.2
8.5.4
8.5.1
8.6.2
8.6.1
8.1.2
8.1.3
8.1.1
8.2.2
8.2.3
8.2.1
8.7.2
8.7.3
8.7.4
8.7.1
8.8.2
8.8.3
8.8.4
8.8.1
8.9.2
8.9.3
8.9.1
8.10.1
8.10.2
8.10.3
8.10.4
8.10.5
12.5.9
12.5.10
12.5.1
12.5.3
12.5.8
12.5.4
12.5.5
12.5.6
12.5.2
12.5.7
12.6.1
12.6.2
12.6.3
12.6.4
12.6.5
12.7.1
12.7.2
8.11.2
8.11.3
8.11.5
8.11.4
8.11.1
14.0.2
14.0.4
14.0.3
14.0.5
14.0.6
14.0.7
14.0.8
14.0.9
14.0.10
14.0.11
14.0.12
14.2.2
14.2.3
14.2.6
14.2.7
14.2.1
14.2.8
14.3.1
14.3.2
14.3.3
CVE-2024-20254 describes a cross-site request forgery (CSRF) vulnerability present in Cisco TelePresence Video Communication Server (VCS) Expressway devices. This vulnerability allows an unauthenticated, remote attacker to execute arbitrary actions on an affected device, potentially leading to unauthorized configuration changes or data breaches. The vulnerability impacts Expressway Control (Expressway-C) and Expressway Edge (Expressway-E) devices running versions X8.1 through X14.3.2. A fix is available in version 14.3.3.
The CSRF vulnerability allows an attacker to trick a legitimate user into unknowingly performing actions on the Expressway device. For example, an attacker could craft a malicious link that, when clicked by an authenticated user, modifies system settings, adds or removes users, or initiates unauthorized video conferences. The vulnerability is rated as unauthenticated because the attacker needs no credentials of their own: the forged request is carried by the victim's existing authenticated session. Successful exploitation could lead to complete compromise of the Expressway device and potentially provide a foothold into the broader network it serves, enabling lateral movement and data exfiltration. As with other CSRF attacks, the user's own interaction is what causes the malicious request to be executed.
CVE-2024-20254 was publicly disclosed on February 7, 2024. Its CVSS score of 9.6 (CRITICAL) reflects a high-severity issue. While no public proof-of-concept (POC) code has been released as of this writing, the unauthenticated nature of the vulnerability and its critical severity suggest that it is likely to be targeted by attackers. Monitor security advisories and threat intelligence feeds for any signs of active exploitation.
Organizations heavily reliant on Cisco TelePresence for video conferencing and collaboration are at significant risk. Specifically, deployments with older Expressway versions (X8.1–X14.3.2) and those lacking robust network segmentation or WAF protection are particularly vulnerable. Shared hosting environments utilizing Cisco Expressway may also be at increased risk due to potential cross-tenant vulnerabilities.
• linux / server:
journalctl -u expressway | grep -i "csrf"
• cisco:
show running-config | grep -i "csrf"
• generic web:
curl -I <expressway_url> | grep -i "x-frame-options"
• generic web:
Check response headers for missing or weak X-Frame-Options and Content-Security-Policy headers.
disclosure
Exploit status
EPSS
2.33% (85th percentile)
CVSS vector
The primary mitigation for CVE-2024-20254 is to upgrade to Cisco Expressway version 14.3.3 or later. If immediate upgrading is not possible, consider implementing temporary workarounds. These may include restricting access to the Expressway management interface to trusted networks, implementing strict input validation on all user-supplied data, and utilizing a Web Application Firewall (WAF) to filter out malicious requests. Configure the WAF to block requests containing suspicious parameters or patterns commonly associated with CSRF attacks. Regularly review Expressway device logs for any unusual activity or unauthorized modifications.
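The following script is an added example, not part of this advisory page or of Cisco's tooling. It does two defender-side tasks the text describes: it triages an inventory of Expressway version labels against the affected range X8.1 through X14.3.2 (fixed in 14.3.3), and it evaluates a captured set of response headers for the missing or weak X-Frame-Options and Content-Security-Policy values the detection checklist mentions, extended with a check that the session cookie carries a SameSite attribute. The inventory, header set and cookie name are constructed sample data.

```python
import re
from typing import Dict, List, Tuple

# Affected range and fixed version as stated in the advisory summary above.
FIRST_AFFECTED = (8, 1)
FIXED_IN = (14, 3, 3)


def parse_version(label: str) -> Tuple[int, ...]:
    """Turn an Expressway version label such as 'X14.3.2' or '8.10.1' into an int tuple."""
    m = re.fullmatch(r"X?(\d+(?:\.\d+)*)", label.strip())
    if not m:
        raise ValueError(f"unrecognised version label: {label!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(label: str) -> bool:
    """True when the version lies in X8.1 .. X14.3.2, i.e. at or above 8.1 and below the 14.3.3 fix."""
    return FIRST_AFFECTED <= parse_version(label) < FIXED_IN


def triage(inventory: Dict[str, str]) -> Dict[str, bool]:
    """Map each hostname in the inventory to whether its version is affected."""
    return {host: is_affected(ver) for host, ver in inventory.items()}


def header_findings(headers: Dict[str, str]) -> List[str]:
    """Flag weak or missing browser-side defences in a response header set (case-insensitive names)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if h.get("x-frame-options", "").strip().upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options missing or weak")
    if "frame-ancestors" not in h.get("content-security-policy", "").lower():
        findings.append("Content-Security-Policy lacks frame-ancestors")
    cookie = h.get("set-cookie", "").lower()
    if cookie and "samesite=" not in cookie:
        findings.append("session cookie has no SameSite attribute")
    return findings


# Constructed sample data (hypothetical hosts, headers and cookie name, not captured from a device).
SAMPLE_INVENTORY = {"expressway-c-01": "X14.3.2", "expressway-e-01": "X14.3.3", "vcs-old": "X8.10.3"}
SAMPLE_HEADERS = {
    "Server": "nginx",
    "X-Frame-Options": "ALLOW-FROM https://example.invalid",  # obsolete directive, treated as weak
    "Set-Cookie": "session=abc123; Secure; HttpOnly",          # no SameSite attribute
}

if __name__ == "__main__":
    for host, affected in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {'AFFECTED' if affected else 'ok'}")
    for finding in header_findings(SAMPLE_HEADERS):
        print("finding:", finding)
```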
Update Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) to an unaffected version. See the Cisco advisory for details on the fixed versions. Apply the security updates provided by Cisco as soon as possible.
CVE-2024-20254 is a critical CSRF vulnerability affecting Cisco TelePresence Expressway devices (versions X8.1–X14.3.2) allowing unauthenticated attackers to perform arbitrary actions.
If you are running Cisco TelePresence Expressway versions X8.1 through X14.3.2, you are potentially affected by this vulnerability. Upgrade to version 14.3.3 or later to mitigate the risk.
The recommended fix is to upgrade to Cisco Expressway version 14.3.3 or later. As a temporary workaround, implement WAF rules and restrict access to the management interface.
While no public exploits are currently known, the vulnerability's critical severity and unauthenticated nature suggest it is likely to be targeted. Monitor for signs of exploitation.
Refer to the official Cisco Security Advisory for detailed information and mitigation steps: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-multiple-vulnerabilities