
WARNING: CRITICAL VULNERABILITIES IN CISCO EXPRESSWAY SERIES & TELEPRESENCE VCS, PATCH IMMEDIATELY!

Reference: Advisory #2024-21
Version: 1.0
Affected software: Cisco Expressway series & Cisco TelePresence Video Communication Server (VCS)
Type: Cross-Site Request Forgery (CSRF)
CVE/CVSS:

CVE-2024-20252: CVSS 9.6 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVE-2024-20254: CVSS 9.6 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)

Sources

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3

Risks

Multiple vulnerabilities in the Cisco Expressway Series could enable an unauthenticated, remote attacker to carry out cross-site request forgery (CSRF) attacks, allowing the attacker to run arbitrary actions on an affected device.

The Centre for Cyber Security Belgium recommends that system administrators patch vulnerable systems as soon as possible and analyze system and network logs for any suspicious activity. This report contains instructions to help your organization.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident

Description

Multiple vulnerabilities in the Cisco Expressway Series could enable an unauthenticated, remote attacker to carry out cross-site request forgery (CSRF) attacks, allowing the attacker to run arbitrary actions on an affected device.

An attacker could exploit these vulnerabilities by persuading a user of the API to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.
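To make the mechanism in the paragraph above concrete, here is an added illustration that is not part of the CCB advisory and not Cisco's code: a state-changing API handler that authorises on the ambient session cookie alone (the condition a crafted link abuses), beside a hardened version that additionally requires an allow-listed Origin and a per-session anti-CSRF token, plus a small reviewer over a constructed access log that surfaces cross-site write requests. The example generalises beyond the advisory to CSRF defence in any cookie-authenticated API; the origin `https://expressway.example.internal`, the endpoint paths, the request and session classes and the log lines are all constructed assumptions.

```python
"""
Added example of the CSRF weakness class described in the advisory.
Everything here (origin, paths, sessions, log format) is constructed for
illustration; it does not reproduce any Cisco implementation.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}            # must never change state
SITE_ORIGIN = "https://expressway.example.internal"  # hypothetical appliance origin


@dataclass
class Session:
    """A server-side session bound to the browser's session cookie."""
    user: str
    role: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal model of an incoming API request (constructed for the example)."""
    method: str
    path: str
    headers: dict
    session: Optional[Session] = None   # set when a valid session cookie was sent
    form_token: Optional[str] = None    # anti-CSRF token carried in body or header


def vulnerable_handler(req: Request) -> str:
    """Authorises purely on the ambient session cookie. A crafted link or hidden
    form on an attacker-controlled page therefore triggers the action with the
    privilege level of whichever user follows it."""
    if req.session is None:
        return "401 unauthenticated"
    return f"200 executed {req.method} {req.path} as {req.session.user}/{req.session.role}"


def origin_allowed(headers: dict) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) is our own site.
    Absence of both is treated as cross-site: fail closed for state-changing calls."""
    origin = headers.get("Origin")
    if origin is None:
        ref = headers.get("Referer")
        if ref is None:
            return False
        parts = urlsplit(ref)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == SITE_ORIGIN


def hardened_handler(req: Request) -> str:
    """Same endpoint with two independent CSRF defences for non-safe methods:
    a same-origin check and a per-session token that a foreign page cannot read."""
    if req.session is None:
        return "401 unauthenticated"
    if req.method not in SAFE_METHODS:
        if not origin_allowed(req.headers):
            return "403 cross-site request rejected"
        if req.form_token is None or not hmac.compare_digest(req.form_token, req.session.csrf_token):
            return "403 missing or invalid CSRF token"
    return f"200 executed {req.method} {req.path} as {req.session.user}/{req.session.role}"


# Constructed access-log excerpt: "<method> <path> <Origin or -> <authenticated user>"
SAMPLE_LOG = [
    "GET /api/status https://expressway.example.internal admin",
    "POST /api/users https://expressway.example.internal admin",
    "POST /api/users https://attacker.example admin",
    "DELETE /api/config - operator",
]


def flag_cross_site_writes(log_lines):
    """Return state-changing requests logged with a foreign Origin: the trace a
    browser leaves when a user on another site is made to submit a request here.
    Lines without an Origin ('-') are not flagged by this heuristic."""
    hits = []
    for line in log_lines:
        method, path, origin, user = line.split()
        if method not in SAFE_METHODS and origin not in ("-", SITE_ORIGIN):
            hits.append((method, path, origin, user))
    return hits


if __name__ == "__main__":
    admin = Session("admin", "administrator")
    forged = Request("POST", "/api/users", {"Origin": "https://attacker.example"}, session=admin)
    print("vulnerable:", vulnerable_handler(forged))
    print("hardened:  ", hardened_handler(forged))
    print("log review:", flag_cross_site_writes(SAMPLE_LOG))
```

The token check uses `hmac.compare_digest` so the comparison does not leak timing information, and the Origin check rejects requests that carry neither Origin nor Referer rather than waving them through; a legitimate browser submission from the appliance's own pages carries both the site origin and the token, so it still passes.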

Cisco has released software patches that address these vulnerabilities.

Recommended Actions

Patch

The Centre for Cyber Security Belgium strongly recommends installing updates for vulnerable software with the highest priority, after thorough testing.

The fixed versions of the affected products are listed in Cisco's advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3