Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities (CVE-2024-20252, CVE-2024-20254 and CVE-2024-20255)

Published: Feb 08, 2024 14:58

Advisory No: TZCERT/SA/2024/02/08-1

Source: Cisco

Software Affected: Cisco Expressway Series

Overview

Cisco Expressway Series devices are affected by three cross-site request forgery (CSRF) vulnerabilities, tracked as CVE-2024-20252, CVE-2024-20254 and CVE-2024-20255, which could allow a remote attacker to perform arbitrary actions on an affected system.

Description

These vulnerabilities are due to insufficient CSRF protection in the web-based management interface of Cisco Expressway devices, which leaves the API exposed to CSRF attacks. A remote attacker could persuade an authenticated user of the interface to click a crafted link; the user's browser then submits the attacker's request together with the user's session, and the requested action is performed with the privileges of that user. CVE-2024-20255 can additionally be used to modify the configuration of a vulnerable system and cause a denial of service condition.
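
To make the mechanism described above concrete, the following Python model (an added example; it is not code from TZ-CERT or Cisco and is not an exploit for the Expressway API) shows a cookie-authenticated management interface in its vulnerable form beside a hardened form. The host `expressway.example`, the path `/api/config` and the `ntp_server` setting are hypothetical. The browser is modelled as attaching the session cookie to every request sent to that host, whichever site triggered the request, which assumes the cookie carries no SameSite restriction.

```python
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Hypothetical host and endpoint used only for this illustration; they are
# not real Cisco Expressway paths.
HOST = "expressway.example"
CONFIG_PATH = "/api/config"


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)   # e.g. Origin, Referer
    cookies: dict = field(default_factory=dict)   # attached by the browser
    params: dict = field(default_factory=dict)    # query string or form body


class ManagementApp:
    """Stand-in for a cookie-authenticated web management interface."""

    def __init__(self, host: str, csrf_protected: bool):
        self.host = host
        self.csrf_protected = csrf_protected
        self.sessions = {}  # session id -> {"user": ..., "csrf": ...}
        self.config = {"ntp_server": "ntp.example"}

    def login(self, user: str) -> str:
        sid = secrets.token_hex(16)
        # The anti-CSRF token is bound to the session and only ever rendered
        # into the app's own pages, which a cross-site page cannot read.
        self.sessions[sid] = {"user": user, "csrf": secrets.token_hex(16)}
        return sid

    def csrf_token(self, sid: str) -> str:
        return self.sessions[sid]["csrf"]

    def handle(self, req: Request) -> tuple:
        session = self.sessions.get(req.cookies.get("session", ""))
        if session is None:
            return 401, "not authenticated"
        if req.path != CONFIG_PATH:
            return 404, "unknown path"
        if self.csrf_protected:
            # Hardened: a state change needs POST, a same-origin Origin or
            # Referer (fail closed when both are absent) and the session-bound
            # token echoed back in the body.
            if req.method != "POST":
                return 405, "state change requires POST"
            source = req.headers.get("Origin") or req.headers.get("Referer")
            if source is None or urlparse(source).netloc != self.host:
                return 403, "cross-origin request rejected"
            if not secrets.compare_digest(req.params.get("csrf_token", ""),
                                          session["csrf"]):
                return 403, "missing or invalid CSRF token"
        # Vulnerable behaviour when unprotected: a valid session cookie alone
        # authorises the change, and a GET request is accepted for it.
        self.config.update({k: v for k, v in req.params.items()
                            if k != "csrf_token"})
        return 200, "config updated"


def run_scenarios(csrf_protected: bool) -> dict:
    """Return, per scenario, whether the requested change was applied.
    Each scenario runs against a fresh app with a freshly logged-in admin."""
    results = {}

    def attempt(name, req):
        app = ManagementApp(HOST, csrf_protected)
        sid = app.login("admin")
        req.cookies["session"] = sid  # the browser attaches the victim's cookie
        if name == "legitimate":
            req.params["csrf_token"] = app.csrf_token(sid)
        app.handle(req)
        results[name] = app.config["ntp_server"] != "ntp.example"

    # 1. Victim clicks a crafted link: top-level GET, browser sends Referer only.
    attempt("crafted_link", Request(
        "GET", CONFIG_PATH,
        headers={"Referer": "https://attacker.example/lure.html"},
        params={"ntp_server": "attacker.example"}))
    # 2. Attacker page auto-submits a hidden form: cross-site POST with Origin.
    attempt("cross_site_form", Request(
        "POST", CONFIG_PATH,
        headers={"Origin": "https://attacker.example"},
        params={"ntp_server": "attacker.example"}))
    # 3. The admin's own change made from the app's UI, carrying the token.
    attempt("legitimate", Request(
        "POST", CONFIG_PATH,
        headers={"Origin": "https://" + HOST},
        params={"ntp_server": "ntp2.example"}))
    return results


if __name__ == "__main__":
    for protected in (False, True):
        print("csrf_protected=%s -> %s" % (protected, run_scenarios(protected)))
```

With `csrf_protected=False` all three requests change the configuration, including the plain link click, because the only authorisation signal is the cookie the browser adds automatically. With `csrf_protected=True` only the admin's own request succeeds. The hardened handler layers three checks on purpose: rejecting GET removes the crafted-link case, the Origin/Referer comparison (exact host match, failing closed) stops the cross-site form, and the session-bound token covers the case where neither header is available. A `SameSite=Lax` cookie would also stop the cross-site POST in current browsers but not a state-changing GET reached by a top-level navigation, which is why the method restriction matters on its own.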

Impact

Successful exploitation of these vulnerabilities may allow a remote attacker to take control of the affected system.

Solution

Cisco has released security updates that resolve these vulnerabilities. Users and administrators are encouraged to update affected systems as soon as possible.
