CVE-2024-20252

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Feb 7, 2024

Updated: Feb 15, 2024

CWE ID 352

Summary

CVE-2024-20252 is a serious vulnerability affecting Cisco Expressway Series (including Expressway-C and Expressway-E) and Cisco TelePresence Video Communication Server (VCS). An unauthenticated, remote attacker can exploit this issue to conduct Cross-Site Request Forgery (CSRF) attacks, which permit the execution of arbitrary actions on affected devices. These vulnerabilities pose a significant risk to system integrity and security, and further details can be found in the "#details" section of this advisory.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Cisco Expressway

Affected Vendors

Cisco Systems Inc

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/ub5dt0
https://www.cve.org/CVERecord?id=CVE-2024-20252
https://nvd.nist.gov/vuln/detail/CVE-2024-20252

Back to Vulnerability Database