CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-20255

A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.6%

CVSS Severity

CVSS v3 Score 8.2

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3

Products affected by CVE-2024-20255

Cisco » Expressway » Version: N/A

cpe:2.3:a:cisco:expressway:-
Cisco » Expressway » Version: 14.0

cpe:2.3:a:cisco:expressway:14.0
Cisco » Expressway » Version: 14.0.7

cpe:2.3:a:cisco:expressway:14.0.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-20255

Products

Pricing

Contact Us