vulnerability
Cisco TelePresence Video Communication Server (VCS) Expressway: CVE-2024-20254: Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Feb 7, 2024 | Sep 30, 2024 | Aug 6, 2025 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Feb 7, 2024
Added
Sep 30, 2024
Modified
Aug 6, 2025
Description
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device.
Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.
For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.
Solution
cisco-telepresence-expressway-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.