Platform
cisco
Component
cisco-telepresence-video-communication-server-vcs-expressway
Fixed versions (as listed by this entry; the text below gives X8.1 through X14.3.2 as the affected range, so treat this list as a version inventory rather than a list of safe releases)
8.5.2
8.5.4
8.5.1
8.6.2
8.6.1
8.1.2
8.1.3
8.1.1
8.2.2
8.2.3
8.2.1
8.7.2
8.7.3
8.7.4
8.7.1
8.8.2
8.8.3
8.8.4
8.8.1
8.9.2
8.9.3
8.9.1
8.10.1
8.10.2
8.10.3
8.10.4
8.10.5
12.5.9
12.5.10
12.5.1
12.5.3
12.5.8
12.5.4
12.5.5
12.5.6
12.5.2
12.5.7
12.6.1
12.6.2
12.6.3
12.6.4
12.6.5
12.7.1
12.7.2
8.11.2
8.11.3
8.11.5
8.11.4
8.11.1
14.0.2
14.0.4
14.0.3
14.0.5
14.0.6
14.0.7
14.0.8
14.0.9
14.0.10
14.0.11
14.0.12
14.2.2
14.2.3
14.2.6
14.2.7
14.2.1
14.2.8
14.3.1
14.3.2
14.3.3
CVE-2024-20254 is a cross-site request forgery (CSRF) vulnerability in the web-based management interface of Cisco Expressway Series devices, that is Expressway Control (Expressway-C) and Expressway Edge (Expressway-E), and the related Cisco TelePresence Video Communication Server (VCS). An unauthenticated, remote attacker exploits it by persuading a user who is logged in to the interface to follow a crafted link; the forged request then runs with that user's privilege level, so an administrator's session can be used to change the system configuration or create new privileged accounts. This entry gives the affected range as X8.1 through X14.3.2 and names 14.3.3 as the fixed release; because 14.3.3 also appears in the version list above, confirm the first fixed release for your train against the Cisco advisory linked below before planning the upgrade.
Exploitation follows the usual CSRF pattern: the attacker hosts a page or sends a link that submits a request to the Expressway management interface, and the victim's browser attaches the victim's session cookie to it, so the device cannot tell it apart from an action the user took deliberately. The attacker needs no credentials of their own, but does need user interaction and an active authenticated session on the victim side, and the damage is bounded by that user's privileges. With an administrator as the victim, the attacker can alter configuration and add privileged accounts, which amounts to full control of the device; since Expressway-E sits at the network edge and brokers collaboration traffic, that control is also a foothold for further movement into the environment the device serves.
CVE-2024-20254 was publicly disclosed on February 7, 2024, with a CVSS base score of 9.6 (Critical). Severity is not likelihood: the EPSS figure below is the estimate of exploitation probability, and as of this writing no public proof-of-concept (PoC) code has been released. Unauthenticated, critical-severity flaws in internet-facing collaboration infrastructure do attract attention, so monitor the Cisco advisory and threat intelligence feeds for signs of active exploitation.
Organizations that depend on Cisco Expressway or VCS for video conferencing are exposed if any device runs a release in the affected range (X8.1 through X14.3.2). Exposure is highest where administrators browse the web from the same browser session they use to manage the device, because CSRF rides on an existing authenticated session. Network restrictions on the management interface only limit which browsers can reach it, and a WAF cannot distinguish a forged request from a legitimate one unless it enforces Origin/Referer or anti-CSRF token checks.
• cisco (Expressway / VCS admin CLI over SSH):
xstatus SystemUnit
Read the Software Version line and compare it with the affected range X8.1 through X14.3.2; the web interface shows the same value under Status > Overview.
• generic web:
curl -skI https://<expressway_host>/
Inspect the Set-Cookie lines: a session cookie without a SameSite attribute is sent on cross-site form posts, which is what a CSRF attack relies on. X-Frame-Options and Content-Security-Policy headers concern clickjacking, not CSRF, so their presence says nothing about whether this issue is fixed.
• cisco (device logs):
Review the device Event Log (Status > Logs) for configuration changes and account creations that do not match known administrator activity.
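An added example, not part of this entry and not Cisco tooling, that turns the checks above into a fleet triage: it classifies Expressway/VCS version strings against the affected range this entry gives (X8.1 through X14.3.2, with 14.3.3 treated as fixed as the entry states) and pulls the version out of `xstatus SystemUnit` output. The CLI output is constructed to resemble that command's format, and the exact field layout, the hostnames and the inventory are assumptions.

```python
"""Classify Cisco Expressway/VCS software versions for CVE-2024-20254 triage.
Added example; the affected range and fixed release come from this entry,
the xstatus output format below is an assumption."""
import re

AFFECTED_MIN = (8, 1, 0)
# This entry names 14.3.3 as the fixed release; adjust after checking the
# Cisco advisory for the first fixed release of your train.
FIRST_FIXED = (14, 3, 3)

VERSION_RE = re.compile(r"^\s*X?(\d+)\.(\d+)(?:\.(\d+))?\s*$")
XSTATUS_RE = re.compile(r'Software Version:\s*"?(X?[\d.]+)"?')


def parse_version(text):
    """'X14.0.3' -> (14, 0, 3); 'X8.1' -> (8, 1, 0); None if unparseable."""
    m = VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def classify(text):
    """'affected' if the version lies in [X8.1, first fixed release),
    'fixed' at or above the fixed release, 'below range' for older releases
    (treat those as unsupported, not as safe), 'unknown' if unparseable."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    if v < AFFECTED_MIN:
        return "below range"
    if v < FIRST_FIXED:
        return "affected"
    return "fixed"


def version_from_xstatus(output):
    """Pull the Software Version value out of 'xstatus SystemUnit' output."""
    m = XSTATUS_RE.search(output)
    return m.group(1) if m else None


# Constructed inventory: hostname -> captured CLI output (not real devices).
INVENTORY = {
    "expc-01": '*s SystemUnit Software Version: "X14.0.3"\n'
               '*s SystemUnit Product: "Cisco Expressway-C"',
    "expe-01": '*s SystemUnit Software Version: "X14.3.3"',
    "vcs-old": '*s SystemUnit Software Version: "X8.11.4"',
    "expc-lab": '*s SystemUnit Software Version: "X7.2.3"',
    "expc-bad": "Connection reset by peer",
}


def triage(inventory=INVENTORY):
    """Return {host: verdict} using classify() on each captured version."""
    result = {}
    for host, output in inventory.items():
        ver = version_from_xstatus(output)
        result[host] = "unknown" if ver is None else classify(ver)
    return result


if __name__ == "__main__":
    for host, verdict in sorted(triage().items()):
        print(f"{host}: {verdict}")
```

The comparison is a plain tuple comparison on (major, minor, patch), which is enough for Expressway's numbering; a release older than X8.1 is reported separately rather than as "not affected", because releases that old have no maintenance and should be migrated, not ignored.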
disclosure
Exploitation status
EPSS
2.33% (85th percentile)
CVSS vector
The fix for CVE-2024-20254 is to upgrade Expressway Series to a fixed release (14.3.3 or later according to this entry; confirm the first fixed release for your train against the Cisco advisory). Cisco's advisory lists no workarounds, so the measures below reduce exposure rather than remove the flaw. Restrict the web-based management interface to trusted administrator networks, which shrinks the set of browsers that can be turned against it. Have administrators log out when finished and keep device administration in a dedicated browser profile, since CSRF needs a live authenticated session. A WAF or reverse proxy in front of the interface can reject state-changing requests whose Origin or Referer header is not the interface's own origin; generic input-validation rules do not help, because a forged request is syntactically identical to a legitimate one. Review the device Event Log for configuration changes and account creations that do not match administrator activity.
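The following is an added example, not Cisco's code and not taken from the advisory. It shows the two server-side checks that defeat the CSRF pattern described above, run against constructed requests: a vulnerable authorisation routine that trusts the session cookie alone, a hardened one that also requires a trusted Origin/Referer and a per-session anti-CSRF token, and a helper that inspects a Set-Cookie header for the SameSite attribute the curl check in the detection list looks for. The paths, field names, origin, session table and secret are placeholders; the real Expressway interface is not modelled.

```python
"""Server-side CSRF checks illustrated against constructed requests.
Added example; origins, paths, session ids and the secret are assumptions."""
import hashlib
import hmac
from dataclasses import dataclass, field
from http.cookies import SimpleCookie

TRUSTED_ORIGINS = {"https://expc-01.example.internal"}  # assumed admin UI origin
SERVER_SECRET = b"per-deployment secret generated at install"  # assumption

# session id -> role; stands in for the device's session table
SESSIONS = {"s3ss10n-admin": "admin"}


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def csrf_token(session_id):
    """Per-session token derived from a server secret. A cross-site page can
    make the browser send the cookie, but cannot read this value."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def vulnerable_authorises(req):
    """Trusts the session cookie alone. Browsers attach that cookie to a
    cross-site form submission too, so a forged request passes."""
    return req.cookies.get("session") in SESSIONS


def hardened_authorises(req):
    sid = req.cookies.get("session")
    if sid not in SESSIONS:
        return False
    if req.method in ("GET", "HEAD", "OPTIONS"):
        return True  # safe methods; state changes must not be reachable this way
    # Check 1: Origin (falling back to Referer) must be the interface itself.
    # A missing header is rejected rather than trusted.
    src = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not any(src == o or src.startswith(o + "/") for o in TRUSTED_ORIGINS):
        return False
    # Check 2: the form must carry the token bound to this session.
    return hmac.compare_digest(req.form.get("csrf_token", ""), csrf_token(sid))


def session_cookie_blocks_csrf(set_cookie_header):
    """True if the 'session' cookie carries SameSite=Strict or Lax, which stops
    the browser attaching it to cross-site POSTs."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    morsel = jar.get("session")
    return bool(morsel) and morsel["samesite"].lower() in ("strict", "lax")


# Constructed requests. The attacker-hosted page cannot set the session cookie
# itself; the victim's browser adds it, which is the whole point of CSRF.
LEGIT = Request(
    "POST", "/admin/users/create",
    headers={"Origin": "https://expc-01.example.internal"},
    cookies={"session": "s3ss10n-admin"},
    form={"name": "ops2", "role": "admin",
          "csrf_token": csrf_token("s3ss10n-admin")},
)
FORGED = Request(
    "POST", "/admin/users/create",
    headers={"Origin": "https://attacker.example"},
    cookies={"session": "s3ss10n-admin"},
    form={"name": "backdoor", "role": "admin"},
)


def demo():
    """Outcome of each check on the constructed requests."""
    return {
        "vulnerable_accepts_forged": vulnerable_authorises(FORGED),
        "hardened_accepts_forged": hardened_authorises(FORGED),
        "hardened_accepts_legit": hardened_authorises(LEGIT),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The Origin check alone is not sufficient in practice (some clients strip Referer, and an attacker-controlled subdomain can defeat a sloppy allowlist), which is why the token check is kept as well; the two together are what a fixed release has to provide, and SameSite on the session cookie is a browser-side backstop rather than a substitute.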
Update Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) to an unaffected release. See the Cisco advisory for details of the fixed releases, and check there whether your product line still receives fixes before relying on an upgrade path. Apply the security updates Cisco provides as soon as possible.
CVE-2024-20254 is a critical (CVSS 9.6) CSRF vulnerability in the web-based management interface of Cisco Expressway Series and TelePresence VCS devices running X8.1 through X14.3.2. An unauthenticated remote attacker who gets a logged-in user to follow a crafted link can perform arbitrary actions with that user's privileges.
If you run an Expressway Series or VCS release between X8.1 and X14.3.2, you are affected. Upgrade to a fixed release (14.3.3 or later according to this entry; verify the first fixed release against the Cisco advisory).
The fix is the upgrade. Cisco lists no workaround; until the upgrade is done, restrict access to the management interface, keep administrator sessions short and in a separate browser profile, and enforce Origin/Referer checks at any proxy that sits in front of the interface.
No public exploit is known as of this writing; the EPSS figure above is the estimate of exploitation probability. Given the critical severity and the exposed position of Expressway-E, monitor for exploitation and audit devices for unexpected configuration or account changes.
Refer to the official Cisco Security Advisory for detailed information and mitigation steps: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-multiple-vulnerabilities