CVE-2024-20255

Summary

A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.5.1affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.5.3affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.5affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.6.1affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.6affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.1.1affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.1.2affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.1affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.2.1affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.2.2affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.2affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.7.1affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.7.2affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.7.3affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.7affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.8.1affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.8.2affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.8.3affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.8affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.9.1affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.9.2affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.9affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.10.0affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.10.1affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.10.2affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.10.3affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.10.4affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX12.5.8affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX12.5.9affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX12.5.0affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX12.5.2affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX12.5.7affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX12.5.3affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX12.5.4affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX12.5.5affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX12.5.1affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX12.5.6affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX12.6.0affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX12.6.1affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX12.6.2affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX12.6.3affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX12.6.4affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX12.7.0affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX12.7.1affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.11.1affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.11.2affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.11.4affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.11.3affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX8.11.0affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX14.0.1affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX14.0.3affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX14.0.2affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX14.0.4affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX14.0.5affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX14.0.6affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX14.0.7affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX14.0.8affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX14.0.9affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX14.0.10affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX14.0.11affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX14.2.1affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX14.2.2affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX14.2.5affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX14.2.6affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX14.2.0affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX14.2.7affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX14.3.0affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX14.3.1affected
CiscoCisco TelePresence Video Communication Server (VCS) ExpresswayX14.3.2affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References