Advisory No: TZCERT/SA/2024/02/08-1
Date of First Release: 8th February 2024
Source: Cisco
Software Affected: Cisco Expressway Series
Overview:
Cisco Expressway Series devices are affected by vulnerabilities tracked as CVE-2024-20252, CVE-2024-20254 and CVE-2024-20255, which could allow a remote attacker to perform arbitrary actions through cross-site request forgery (CSRF) against the affected system.
Description:
Because the web-based management interface has insufficient CSRF protection, the API of Cisco Expressway devices is vulnerable to CSRF attacks. A remote attacker can use a crafted link to deceive an authenticated user into clicking it, and then perform arbitrary actions with the privileges of the affected user. In addition, CVE-2024-20255 can be used to alter the configuration of vulnerable systems and trigger denial of service conditions.
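As an added illustration (not part of this advisory and not Cisco's code), the following Python snippet shows the generic server-side checks that close the gap described above for a web management API: state-changing routes are only reachable through unsafe HTTP methods (so a crafted link cannot trigger them), the request's Origin or Referer must match the management interface's own origin, and a per-session synchronizer token must accompany the request. The route table, trusted origin and sample requests are all constructed for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical route table for a web management interface (constructed for this
# example). True marks routes that change state and therefore need anti-CSRF checks.
ROUTES = {
    "/api/status": False,           # read-only
    "/api/config/update": True,     # changes configuration
    "/api/service/restart": True,   # could cause a denial of service if forged
}

UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

TRUSTED_ORIGIN = "https://mgmt.example"   # assumed origin of the management UI


def issue_csrf_token():
    """Per-session anti-CSRF token (synchronizer token pattern), stored server-side."""
    return secrets.token_urlsafe(32)


SESSION_TOKEN = issue_csrf_token()   # token bound to the sample session used below


def request_origin(headers):
    """Origin of the request: the Origin header, else scheme://host from Referer, else None."""
    origin = headers.get("Origin")
    if origin:
        return origin
    referer = headers.get("Referer")
    if not referer:
        return None
    parts = urlsplit(referer)
    return f"{parts.scheme}://{parts.netloc}"


def csrf_check(request, session_token=SESSION_TOKEN, trusted_origin=TRUSTED_ORIGIN):
    """Decide whether a request may proceed; returns (allowed, reason).

    request is a plain dict with keys "method", "path", "headers" and "form";
    the browser is assumed to attach the session cookie automatically.
    """
    path = request["path"]
    if path not in ROUTES:
        return False, "unknown route"
    if not ROUTES[path]:
        return True, "read-only route"
    # A crafted link is fetched with GET: state changes must never be reachable that way.
    if request["method"].upper() not in UNSAFE_METHODS:
        return False, "state change attempted via safe method"
    headers = request.get("headers", {})
    if request_origin(headers) != trusted_origin:
        return False, "origin mismatch"
    submitted = headers.get("X-CSRF-Token") or request.get("form", {}).get("csrf_token", "")
    # Constant-time comparison on bytes so a non-ASCII value cannot raise TypeError.
    if not submitted or not hmac.compare_digest(submitted.encode(), session_token.encode()):
        return False, "missing or invalid csrf token"
    return True, "ok"


# Constructed sample requests, each carrying the victim's session cookie implicitly.
SAMPLE_REQUESTS = {
    "legitimate": {
        "method": "POST", "path": "/api/config/update",
        "headers": {"Origin": TRUSTED_ORIGIN, "X-CSRF-Token": SESSION_TOKEN}, "form": {},
    },
    "crafted_link": {   # user clicked a link on a third-party page
        "method": "GET", "path": "/api/service/restart",
        "headers": {"Referer": "https://third-party.example/page"}, "form": {},
    },
    "cross_site_post": {   # auto-submitted form from a third-party page, no token
        "method": "POST", "path": "/api/config/update",
        "headers": {"Origin": "https://third-party.example"}, "form": {},
    },
    "same_origin_no_token": {
        "method": "POST", "path": "/api/config/update",
        "headers": {"Origin": TRUSTED_ORIGIN}, "form": {},
    },
    "status_read": {"method": "GET", "path": "/api/status", "headers": {}, "form": {}},
}


def evaluate_samples():
    """Run every sample request through csrf_check and return the decisions by name."""
    return {name: csrf_check(req) for name, req in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, (allowed, reason) in evaluate_samples().items():
        print(f"{name:22s} allowed={str(allowed):5s} {reason}")
```

Only the legitimate same-origin request that carries the session token reaches the handler; the link-based and cross-site forgeries are rejected before any configuration change or restart can happen, which is the behaviour the vendor update restores on the affected devices.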
Impact:
Successful exploitation of these vulnerabilities may allow the remote attacker to take control of the affected system.
Solution:
Cisco has released security updates to resolve these vulnerabilities. Users and administrators are encouraged to update as soon as possible.
References: