CRITICAL · CVE-2024-20252 · CVSS 9.6

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF)

Platform

cisco

Component

cisco-telepresence-video-communication-server-vcs-expressway

Fixed versions

8.1.1, 8.1.2, 8.1.3, 8.2.1, 8.2.2, 8.2.3, 8.5.1, 8.5.2, 8.5.4, 8.6.1, 8.6.2,
8.7.1, 8.7.2, 8.7.3, 8.7.4, 8.8.1, 8.8.2, 8.8.3, 8.8.4, 8.9.1, 8.9.2, 8.9.3,
8.10.1, 8.10.2, 8.10.3, 8.10.4, 8.10.5, 8.11.1, 8.11.2, 8.11.3, 8.11.4, 8.11.5,
12.5.1, 12.5.2, 12.5.3, 12.5.4, 12.5.5, 12.5.6, 12.5.7, 12.5.8, 12.5.9, 12.5.10,
12.6.1, 12.6.2, 12.6.3, 12.6.4, 12.6.5, 12.7.1, 12.7.2,
14.0.2, 14.0.3, 14.0.4, 14.0.5, 14.0.6, 14.0.7, 14.0.8, 14.0.9, 14.0.10, 14.0.11, 14.0.12,
14.2.1, 14.2.2, 14.2.3, 14.2.6, 14.2.7, 14.2.8, 14.3.1, 14.3.2, 14.3.3

AI Confidence: high · NVD · EPSS 3.4% · Reviewed: May 2026

CVE-2024-20252 describes a cross-site request forgery (CSRF) vulnerability affecting Cisco TelePresence Video Communication Server (VCS) Expressway devices. This vulnerability allows an unauthenticated, remote attacker to execute arbitrary actions on the affected system, potentially leading to unauthorized configuration changes or data breaches. The vulnerability impacts Expressway Control (Expressway-C) and Expressway Edge (Expressway-E) devices running versions X8.1 through X14.3.2. Cisco has released a patch in version 14.3.3.

Impact and attack scenarios

The CSRF vulnerability allows an attacker to trick a legitimate user into unknowingly performing actions on the Expressway device. This could involve modifying system configurations, adding or removing users, or even initiating video calls. Because the vulnerability is unauthenticated, an attacker does not need valid credentials to exploit it. The potential impact is significant, as a successful attack could grant an attacker complete control over the Expressway device, potentially compromising the entire video conferencing infrastructure. This is particularly concerning in environments where Expressway devices manage critical video conferencing services for sensitive communications.

Exploitation context

This vulnerability is considered critical due to its ease of exploitation and potential impact. While no public exploits have been widely reported, the unauthenticated nature of the vulnerability makes it a high-priority target. It has been added to the CISA KEV catalog, indicating a significant risk to federal agencies. Monitor security advisories and threat intelligence feeds for any signs of active exploitation.

Who is at risk

Organizations heavily reliant on Cisco TelePresence VCS Expressway for video conferencing, particularly those with legacy configurations or shared hosting environments, are at significant risk. Environments with limited security controls or infrequent patching cycles are also particularly vulnerable. Companies using Expressway devices to manage video conferencing for sensitive data or communications should prioritize remediation.

Detection steps

• cisco: Use Cisco's security advisory to identify affected devices.

• linux / server: Monitor Expressway device logs (typically located in /var/log/expressway/) for unusual HTTP requests or POST requests to administrative interfaces. Use grep to search for patterns indicative of CSRF attacks, such as requests originating from unexpected sources or containing suspicious parameters.

• generic web: Use curl to test for CSRF vulnerabilities on sensitive administrative endpoints. Attempt to trigger actions without proper authentication to see if the device responds as if the request originated from an authenticated user.

curl -v -X POST -d 'param1=value1&param2=value2' https://expressway.example.com/admin/sensitive_action
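The log-review step above can be turned into a concrete check: flag state-changing requests to the administrative UI whose Origin (or, failing that, Referer) header is missing or names a host other than the device itself, which is the classic indicator of a cross-site request. This is an added example, not code from the page or from Cisco; the log format, the /admin/ path prefix and the sample lines are all constructed assumptions, since the real Expressway log format is not given here.

```python
import re
from urllib.parse import urlsplit

# Constructed sample log lines (not real Expressway logs): an assumed
# combined-log-style format extended with the Referer and Origin headers.
SAMPLE_LOG = """\
10.0.0.5 - admin [07/Feb/2024:10:01:02 +0000] "GET /admin/status HTTP/1.1" 200 "https://expressway.example.com/admin/" "-"
10.0.0.5 - admin [07/Feb/2024:10:01:09 +0000] "POST /admin/users/add HTTP/1.1" 302 "https://expressway.example.com/admin/users" "https://expressway.example.com"
10.0.0.9 - admin [07/Feb/2024:10:03:44 +0000] "POST /admin/users/add HTTP/1.1" 302 "https://evil.example.net/lure.html" "https://evil.example.net"
10.0.0.9 - admin [07/Feb/2024:10:03:51 +0000] "POST /admin/config/save HTTP/1.1" 302 "-" "-"
10.0.0.7 - - [07/Feb/2024:10:04:10 +0000] "POST /login HTTP/1.1" 200 "-" "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
    r'"(?P<referer>[^"]*)" "(?P<origin>[^"]*)"$'
)

STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}
ADMIN_PREFIX = "/admin/"  # assumed path prefix of the administrative UI

def _host(url):
    """Host of an absolute URL, or None for '-', empty or relative values."""
    if not url or url == "-":
        return None
    return (urlsplit(url).hostname or "").lower() or None

def flag_csrf_suspects(log_text, device_host):
    """Return state-changing admin requests whose Origin (or, failing that,
    Referer) is missing or names a host other than the device itself: a form
    submitted from the device's own pages would normally carry a matching one."""
    suspects = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unexpected format: skip rather than guess
        if m["method"] not in STATE_CHANGING or not m["path"].startswith(ADMIN_PREFIX):
            continue
        src = _host(m["origin"]) or _host(m["referer"])
        if src != device_host.lower():
            suspects.append({"time": m["ts"], "ip": m["ip"], "path": m["path"],
                             "source_host": src})
    return suspects

if __name__ == "__main__":
    for hit in flag_csrf_suspects(SAMPLE_LOG, "expressway.example.com"):
        print(hit)
```

A missing header is flagged as well as a foreign one, so expect some noise from non-browser clients (scripts, monitoring) that legitimately omit Origin and Referer; those sources can be allow-listed once identified.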

Attack timeline

  1. Disclosure
  2. Patch
  3. CISA KEV

Threat intelligence

Exploitation status

Proof of concept: unknown
CISA KEV: NO
Internet exposure

EPSS

3.38% (87th percentile)

CISA SSVC

Exploitation: none
Automatable: no
Technical impact: total

CVSS vector

Threat intelligence · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.6 CRITICAL

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit the vulnerability)
Privileges Required: None (authentication level required for the attack)
User Interaction: Required (whether the victim must take an action)
Scope: Changed (impact extends beyond the affected component)
Confidentiality: High (risk of sensitive data exposure)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service disruption)
nextguardhq.com · CVSS v3.1 base score

What do these metrics mean?
Attack Vector
Network: exploitable remotely over the internet, with no physical or local access required. The largest attack surface.
Attack Complexity
Low: no special conditions are required, and the vulnerability can be exploited reliably.
Privileges Required
None: no authentication is needed; the vulnerability can be exploited without credentials.
User Interaction
Required: the victim must open a file, click a link or visit a crafted page.
Scope
Changed: the attack can reach beyond the vulnerable component and affect other systems.
Confidentiality
High: complete loss of confidentiality; the attacker can read all data.
Integrity
High: the attacker can write, modify or delete any data.
Availability
High: complete crash or resource exhaustion, a full denial of service.

Affected software

Component: cisco-telepresence-video-communication-server-vcs-expressway
Vendor: Cisco

Affected range         | Fixed version
X8.5.1 – X8.5.1        | 8.5.2
X8.5.3 – X8.5.3        | 8.5.4
X8.5 – X8.5            | 8.5.1
X8.6.1 – X8.6.1        | 8.6.2
X8.6 – X8.6            | 8.6.1
X8.1.1 – X8.1.1        | 8.1.2
X8.1.2 – X8.1.2        | 8.1.3
X8.1 – X8.1            | 8.1.1
X8.2.1 – X8.2.1        | 8.2.2
X8.2.2 – X8.2.2        | 8.2.3
X8.2 – X8.2            | 8.2.1
X8.7.1 – X8.7.1        | 8.7.2
X8.7.2 – X8.7.2        | 8.7.3
X8.7.3 – X8.7.3        | 8.7.4
X8.7 – X8.7            | 8.7.1
X8.8.1 – X8.8.1        | 8.8.2
X8.8.2 – X8.8.2        | 8.8.3
X8.8.3 – X8.8.3        | 8.8.4
X8.8 – X8.8            | 8.8.1
X8.9.1 – X8.9.1        | 8.9.2
X8.9.2 – X8.9.2        | 8.9.3
X8.9 – X8.9            | 8.9.1
X8.10.0 – X8.10.0      | 8.10.1
X8.10.1 – X8.10.1      | 8.10.2
X8.10.2 – X8.10.2      | 8.10.3
X8.10.3 – X8.10.3      | 8.10.4
X8.10.4 – X8.10.4      | 8.10.5
X12.5.8 – X12.5.8      | 12.5.9
X12.5.9 – X12.5.9      | 12.5.10
X12.5.0 – X12.5.0      | 12.5.1
X12.5.2 – X12.5.2      | 12.5.3
X12.5.7 – X12.5.7      | 12.5.8
X12.5.3 – X12.5.3      | 12.5.4
X12.5.4 – X12.5.4      | 12.5.5
X12.5.5 – X12.5.5      | 12.5.6
X12.5.1 – X12.5.1      | 12.5.2
X12.5.6 – X12.5.6      | 12.5.7
X12.6.0 – X12.6.0      | 12.6.1
X12.6.1 – X12.6.1      | 12.6.2
X12.6.2 – X12.6.2      | 12.6.3
X12.6.3 – X12.6.3      | 12.6.4
X12.6.4 – X12.6.4      | 12.6.5
X12.7.0 – X12.7.0      | 12.7.1
X12.7.1 – X12.7.1      | 12.7.2
X8.11.1 – X8.11.1      | 8.11.2
X8.11.2 – X8.11.2      | 8.11.3
X8.11.4 – X8.11.4      | 8.11.5
X8.11.3 – X8.11.3      | 8.11.4
X8.11.0 – X8.11.0      | 8.11.1
X14.0.1 – X14.0.1      | 14.0.2
X14.0.3 – X14.0.3      | 14.0.4
X14.0.2 – X14.0.2      | 14.0.3
X14.0.4 – X14.0.4      | 14.0.5
X14.0.5 – X14.0.5      | 14.0.6
X14.0.6 – X14.0.6      | 14.0.7
X14.0.7 – X14.0.7      | 14.0.8
X14.0.8 – X14.0.8      | 14.0.9
X14.0.9 – X14.0.9      | 14.0.10
X14.0.10 – X14.0.10    | 14.0.11
X14.0.11 – X14.0.11    | 14.0.12
X14.2.1 – X14.2.1      | 14.2.2
X14.2.2 – X14.2.2      | 14.2.3
X14.2.5 – X14.2.5      | 14.2.6
X14.2.6 – X14.2.6      | 14.2.7
X14.2.0 – X14.2.0      | 14.2.1
X14.2.7 – X14.2.7      | 14.2.8
X14.3.0 – X14.3.0      | 14.3.1
X14.3.1 – X14.3.1      | 14.3.2
X14.3.2 – X14.3.2      | 14.3.3

Weakness classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigations and workarounds

The primary mitigation for CVE-2024-20252 is to upgrade to Cisco TelePresence VCS Expressway version 14.3.3 or later. If immediate upgrade is not possible, consider implementing temporary workarounds such as restricting access to sensitive administrative interfaces or implementing stricter authentication controls. Web Application Firewalls (WAFs) configured with appropriate CSRF protection rules can also help mitigate the risk, although this is not a substitute for patching. Monitor Expressway device logs for suspicious activity, particularly unexpected configuration changes or unauthorized user actions. Review and tighten access controls to minimize the potential impact of a successful CSRF attack.

Remediation

Upgrade Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) to a release that is not affected by these vulnerabilities. Consult Cisco's security advisory for details on the fixed releases. Apply the security updates as soon as possible to mitigate the risk of CSRF attacks.


Frequently asked questions

What is CVE-2024-20252 — CSRF in Cisco TelePresence VCS Expressway?

CVE-2024-20252 is a critical CSRF vulnerability affecting Cisco TelePresence VCS Expressway devices, allowing unauthenticated attackers to perform actions as a legitimate user.

Am I affected by CVE-2024-20252 in Cisco TelePresence VCS Expressway?

If you are running Cisco TelePresence VCS Expressway versions X8.1–X14.3.2, you are potentially affected by this vulnerability.

How do I fix CVE-2024-20252 in Cisco TelePresence VCS Expressway?

Upgrade to Cisco TelePresence VCS Expressway version 14.3.3 or later to remediate the vulnerability. Consider temporary workarounds if immediate patching is not possible.

Is CVE-2024-20252 being actively exploited?

While no widespread exploitation has been confirmed, the unauthenticated nature of the vulnerability makes it a high-priority target and it's on the CISA KEV catalog.

Where can I find the official Cisco advisory for CVE-2024-20252?

Refer to the official Cisco Security Advisory for detailed information and mitigation steps: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-20240207
