
Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities (CVE-2024-20252, CVE-2024-20254 and CVE-2024-20255)

Advisory No: TZCERT/SA/2024/02/08-1

Date of First Release: 8th February 2024

Source: Cisco

Software Affected: Cisco Expressway Series

Overview:

Cisco Expressway Series products are affected by vulnerabilities tracked as CVE-2024-20252, CVE-2024-20254 and CVE-2024-20255, which could allow a remote attacker to perform arbitrary actions on the system through cross-site request forgery (CSRF).

Description:

Because the web-based management interface of Cisco Expressway devices lacks sufficient CSRF protection, its API is vulnerable to CSRF attacks. A remote attacker can use a crafted link to deceive an authenticated user into clicking it and then perform arbitrary actions with the privileges of the affected user. CVE-2024-20255 can additionally be used to alter the configuration of vulnerable systems and trigger denial of service conditions.
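The defect described above is the absence of a check that ties a state-changing request to the page that legitimately issued it. As an added illustration (not code from Cisco or from this advisory), the following Python shows the two controls that make such a request "sufficiently protected": an Origin/Referer check against the interface's own origin, and a session-bound anti-CSRF token compared in constant time. The origin name, secret key, session identifiers and request dictionaries are constructed for the example.

```python
from urllib.parse import urlparse
import hashlib
import hmac
import secrets

# Hypothetical origin of the management interface (assumption, not from the advisory).
ALLOWED_ORIGINS = {"https://expressway.example.internal"}

# Methods that must never change state; everything else needs the CSRF checks.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(secret_key: bytes, session_id: str) -> str:
    """Create a token bound to one login session: nonce plus HMAC(secret, session_id:nonce)."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(secret_key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(secret_key: bytes, session_id: str, token) -> bool:
    """Recompute the HMAC for this session and compare in constant time."""
    if not isinstance(token, str) or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(secret_key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def origin_allowed(headers: dict) -> bool:
    """Accept only when Origin (or, failing that, Referer) names the management interface itself."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # no source header at all: fail closed
    parsed = urlparse(source)
    return f"{parsed.scheme}://{parsed.netloc}" in ALLOWED_ORIGINS


def is_request_authorized(secret_key: bytes, request: dict) -> bool:
    """Decide whether a state-changing request may proceed.

    request is a constructed dict: method, headers, session_id (taken from the login
    cookie) and form (the submitted body). Both the origin check and the session-bound
    token must pass; a crafted link on another site can satisfy neither.
    """
    if request["method"] in SAFE_METHODS:
        return True
    if not origin_allowed(request["headers"]):
        return False
    return verify_csrf_token(secret_key, request["session_id"], request["form"].get("csrf_token"))


def demo() -> dict:
    """Evaluate one legitimate request and two forged ones; returns the decision for each."""
    secret = b"server-side-secret-not-for-production"  # constructed sample secret
    victim_session = "sess-victim-0001"                 # constructed session identifier
    token = issue_csrf_token(secret, victim_session)

    legitimate = {
        "method": "POST",
        "headers": {"Origin": "https://expressway.example.internal"},
        "session_id": victim_session,
        "form": {"action": "change_setting", "csrf_token": token},
    }
    # Forged request: the browser attaches the victim's session cookie, but the page
    # that triggered it lives on another origin and cannot read the token.
    cross_site = {
        "method": "POST",
        "headers": {"Origin": "https://attacker.example"},
        "session_id": victim_session,
        "form": {"action": "change_setting"},
    }
    # Forged request carrying a well-formed token that was issued to a different session.
    other_session_token = issue_csrf_token(secret, "sess-other-0002")
    replayed = {
        "method": "POST",
        "headers": {"Origin": "https://expressway.example.internal"},
        "session_id": victim_session,
        "form": {"action": "change_setting", "csrf_token": other_session_token},
    }
    return {
        "legitimate": is_request_authorized(secret, legitimate),
        "cross_site": is_request_authorized(secret, cross_site),
        "replayed": is_request_authorized(secret, replayed),
    }


if __name__ == "__main__":
    print(demo())
```

Binding the token to the session identifier is what makes the third case fail: a token that is merely random would verify for any user, so an attacker who obtained one for their own account could embed it in a crafted page. The origin check is kept as a second, independent layer because older clients may omit the Origin header and some proxies strip Referer; failing closed when neither is present is the conservative choice for an administrative interface.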

Impact:

Successful exploitation of these vulnerabilities may allow a remote attacker to take control of the affected system.

Solution:

Cisco has released security updates to resolve these vulnerabilities. Users and administrators are encouraged to update as soon as possible.

References:

  1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3
  2. https://securityaffairs.com/158830/security/cisco-fixes-critical-expressway-series-csrf-vulnerabilities.html
