vulnerability
Cisco TelePresence Video Communication Server (VCS) Expressway: CVE-2024-20254: Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Feb 7, 2024 | Sep 30, 2024 | Apr 1, 2026 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Feb 7, 2024
Added
Sep 30, 2024
Modified
Apr 1, 2026
Description
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device.
Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.
For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.
Solution
cisco-telepresence-expressway-upgrade-latest
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.