HIGH✓ PATCH🇬🇧 English

CVE-2024-20255

CVSS 8.2v3.1pub. 2024-02-07upd. 2024-11-21

A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L
  • Cisco Expressway

    APP
    Cisco
    < 15.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2024-20254CRITICAL9.6PL ✓ten sam produkt

CSRF w Cisco Expressway i TelePresence VCS umożliwiający zdalne działania

CVE-2024-20252CRITICAL9.6PL ✓ten sam produkt

CSRF w Cisco Expressway Series i TelePresence VCS — nieautoryzowane działania

CVE-2022-20813CRITICAL9.0ten sam produkt

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and C...

CVE-2022-20812CRITICAL9.0ten sam produkt

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and C...

CVE-2018-5390HIGH7.5ten sam produkt

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prun...

CVE-2024-20255 — HIGH 8.2 | CVEbaza.pl