Cisco Patches Critical Vulnerabilities in Expressway Devices

Cisco has addressed several vulnerabilities in its Expressway Series collaboration gateways. Two of the critical vulnerabilities, tracked as CVE-2024-20252 and CVE-2024-20254, can lead to cross-site request forgery (CSRF) attacks.

An unauthenticated, remote attacker can exploit the flaws to carry out CSRF attacks on an affected system.

Cisco states that the two flaws are due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit these vulnerabilities by tricking a user of the API into clicking on a crafted link.

Cisco also addressed a third CSRF flaw, tracked as CVE-2024-20255, which can be exploited to carry out multiple actions, including overwriting system configuration settings. This could prevent the system from processing calls properly and result in a denial of service (DoS) condition.

As per the advisory, CVE-2024-20252 can only be exploited to attack gateways where the cluster database (CDB) API feature has been enabled. CVE-2024-20254 and CVE-2024-20255 only affect Cisco Expressway Series devices in the default configuration.

Cisco’s Product Security Incident Response Team (PSIRT) is not aware of attacks in the wild exploiting these vulnerabilities. For more details, refer to the company’s security advisories page.
