Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-20252

Опубликовано: 07 фев. 2024
Источник: nvd
CVSS3: 9.6
CVSS3: 8.8
EPSS Низкий

Описание

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device.

Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.

For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*
Версия до 15.0 (включая)

EPSS

Процентиль: 91%
0.07358
Низкий

9.6 Critical

CVSS3

8.8 High

CVSS3

Дефекты

CWE-352
CWE-352

Связанные уязвимости

github логотип

GHSA-6wvv-3xrf-xrf6

CVSS3: 9.6
github
почти 2 года назад

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.

fstec логотип

BDU:2024-01084

CVSS3: 9.6
fstec
около 2 лет назад

Уязвимость прикладного программного интерфейса устройств управления конференц-связью Cisco Expressway Series и Cisco Telepresence VCS, позволяющая нарушителю выполнять произвольные команды

EPSS

Процентиль: 91%
0.07358
Низкий

9.6 Critical

CVSS3

8.8 High

CVSS3

Дефекты

CWE-352
CWE-352