CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-20254

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.038

EPSS Ranking 87.4%

CVSS Severity

CVSS v3 Score 9.6

References

Products affected by CVE-2024-20254

Cisco » Expressway » Version: N/A

cpe:2.3:a:cisco:expressway:-
Cisco » Expressway » Version: 14.0

cpe:2.3:a:cisco:expressway:14.0
Cisco » Expressway » Version: 14.0.7

cpe:2.3:a:cisco:expressway:14.0.7
Cisco » Expressway » Version: 15.0

cpe:2.3:a:cisco:expressway:15.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-20254

Products

Pricing

Contact Us