Advisory No: TZCERT/SA/2024/02/08-1
Date of First Release: 8th February 2024
Software Affected: Cisco Expressway Series
Cisco Expressway Series is affected by vulnerabilities tracked as CVE-2024-20252, CVE-2024-20254 and CVE-2024-20255, which could allow a remote attacker to perform arbitrary actions via a cross-site request forgery (CSRF) vulnerability affecting the system.
Because the web-based management interface has insufficient CSRF protection, the API of Cisco Expressway devices is vulnerable to CSRF attacks. A remote attacker can use a crafted link to deceive an authenticated user into clicking it and then perform arbitrary actions with the privileges of the affected user. CVE-2024-20255 can also be used to alter a vulnerable system's configuration and trigger denial of service conditions.
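A minimal model of the pattern the advisory describes, the cookie-only check beside the CSRF protection it lacks, added here as an example and not Cisco's code; the endpoint path, trusted origin and token scheme are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field
# Constructed toy of a cookie-authenticated management API (not Cisco code):
# the endpoint, trusted origin and token scheme are assumptions.
TRUSTED_ORIGIN = "https://expressway.example.internal"  # assumed
@dataclass
class Request:
    method: str
    path: str
    headers: dict          # e.g. Origin, set by the browser, not by page script
    cookies: dict          # session cookie, attached by the browser automatically
    form: dict = field(default_factory=dict)

class ManagementApi:
    def __init__(self):
        self.sessions = {}     # session cookie -> user
        self.csrf_tokens = {}  # session cookie -> per-session token
        self.config = {"sip_enabled": True}

    def login(self, user):
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        self.csrf_tokens[sid] = secrets.token_hex(16)
        return sid

    def handle_unprotected(self, req):
        # Vulnerable pattern: only the cookie is checked, so a request the
        # victim's browser sends from another site runs with their privileges.
        user = self.sessions.get(req.cookies.get("session"))
        return 401 if user is None else self._apply(req, user)

    def handle_protected(self, req):
        # Hardened: state-changing requests must come from the interface's own
        # origin and carry the token tied to the session (constant-time compare).
        user = self.sessions.get(req.cookies.get("session"))
        if user is None:
            return 401
        if req.method in ("POST", "PUT", "DELETE"):
            if req.headers.get("Origin") != TRUSTED_ORIGIN:
                return 403
            expected = self.csrf_tokens[req.cookies["session"]]
            if not hmac.compare_digest(req.form.get("csrf_token", ""), expected):
                return 403
        return self._apply(req, user)

    def _apply(self, req, user):
        if req.method == "POST" and req.path == "/api/config":
            self.config.update(req.form.get("changes", {}))
            return 200
        return 404
```

A cross-site request carries the victim's cookie but neither the trusted Origin nor the token, so the hardened handler rejects it while the unprotected one applies the change.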
Successful exploitation of these vulnerabilities may allow the remote attacker to take control of the affected system.
Cisco has released security updates to resolve these vulnerabilities. Users and administrators are encouraged to update as soon as possible.