vulnerability
Cisco TelePresence Video Communication Server (VCS) Expressway: CVE-2024-20255: Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:P) | Feb 7, 2024 | Sep 30, 2024 | Jun 23, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:P)
Published
Feb 7, 2024
Added
Sep 30, 2024
Modified
Jun 23, 2025
Description
A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.
Solution
cisco-telepresence-expressway-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.