CVE-2024-20497

Summary

CVE-2024-20497 is a vulnerability affecting Cisco Expressway Edge (Expressway-E) that allows an authenticated remote attacker to impersonate another user due to insufficient authorization checks for Mobile and Remote Access (MRA) users. By exploiting this vulnerability, an attacker could execute crafted commands to intercept calls directed to specific phone numbers or manipulate caller ID information. The attack requires the perpetrator to be an MRA user on the affected system, and the exploit has a medium severity rating, with a CVSS base score of 4.3. To mitigate this vulnerability, organizations should implement proper authorization checks and restrict access controls for MRA users. Failure to address this issue poses risks related to call interception and unauthorized communication within an organization.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.