Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20252", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2023-11-08T15:08:07.622Z", "datePublished": "2024-02-07T16:15:06.066Z", "dateUpdated": "2024-08-01T21:52:31.791Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-02-07T16:15:06.066Z"}, "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. \r\n\r Note: \"Cisco Expressway Series\" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.\r\n\r For more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory."}], "affected": [{"vendor": "Cisco", "product": "Cisco TelePresence Video Communication Server (VCS) Expressway", "versions": [{"version": "X8.5.1", "status": "affected"}, {"version": "X8.5.3", "status": "affected"}, {"version": "X8.5", "status": "affected"}, {"version": "X8.6.1", "status": "affected"}, {"version": "X8.6", "status": "affected"}, {"version": "X8.1.1", "status": "affected"}, {"version": "X8.1.2", "status": "affected"}, {"version": "X8.1", "status": "affected"}, {"version": "X8.2.1", "status": "affected"}, {"version": "X8.2.2", "status": "affected"}, {"version": "X8.2", "status": "affected"}, {"version": "X8.7.1", "status": "affected"}, {"version": "X8.7.2", "status": "affected"}, {"version": "X8.7.3", "status": "affected"}, {"version": "X8.7", "status": "affected"}, {"version": "X8.8.1", "status": "affected"}, {"version": "X8.8.2", "status": "affected"}, {"version": "X8.8.3", "status": "affected"}, {"version": "X8.8", "status": "affected"}, {"version": "X8.9.1", "status": "affected"}, {"version": "X8.9.2", "status": "affected"}, {"version": "X8.9", "status": "affected"}, {"version": "X8.10.0", "status": "affected"}, {"version": "X8.10.1", "status": "affected"}, {"version": "X8.10.2", "status": "affected"}, {"version": "X8.10.3", "status": "affected"}, {"version": "X8.10.4", "status": "affected"}, {"version": "X12.5.8", "status": "affected"}, {"version": "X12.5.9", "status": "affected"}, {"version": "X12.5.0", "status": "affected"}, {"version": "X12.5.2", "status": "affected"}, {"version": "X12.5.7", "status": "affected"}, {"version": "X12.5.3", "status": "affected"}, {"version": "X12.5.4", "status": "affected"}, {"version": "X12.5.5", "status": "affected"}, {"version": "X12.5.1", "status": "affected"}, {"version": "X12.5.6", "status": "affected"}, {"version": "X12.6.0", "status": "affected"}, {"version": "X12.6.1", "status": "affected"}, {"version": "X12.6.2", "status": "affected"}, {"version": "X12.6.3", "status": "affected"}, {"version": "X12.6.4", "status": "affected"}, {"version": "X12.7.0", "status": "affected"}, {"version": "X12.7.1", "status": "affected"}, {"version": "X8.11.1", "status": "affected"}, {"version": "X8.11.2", "status": "affected"}, {"version": "X8.11.4", "status": "affected"}, {"version": "X8.11.3", "status": "affected"}, {"version": "X8.11.0", "status": "affected"}, {"version": "X14.0.1", "status": "affected"}, {"version": "X14.0.3", "status": "affected"}, {"version": "X14.0.2", "status": "affected"}, {"version": "X14.0.4", "status": "affected"}, {"version": "X14.0.5", "status": "affected"}, {"version": "X14.0.6", "status": "affected"}, {"version": "X14.0.7", "status": "affected"}, {"version": "X14.0.8", "status": "affected"}, {"version": "X14.0.9", "status": "affected"}, {"version": "X14.0.10", "status": "affected"}, {"version": "X14.0.11", "status": "affected"}, {"version": "X14.2.1", "status": "affected"}, {"version": "X14.2.2", "status": "affected"}, {"version": "X14.2.5", "status": "affected"}, {"version": "X14.2.6", "status": "affected"}, {"version": "X14.2.0", "status": "affected"}, {"version": "X14.2.7", "status": "affected"}, {"version": "X14.3.0", "status": "affected"}, {"version": "X14.3.1", "status": "affected"}, {"version": "X14.3.2", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Cross-Site Request Forgery (CSRF)", "type": "cwe", "cweId": "CWE-352"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3", "name": "cisco-sa-expressway-csrf-KnnZDMj3"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "baseScore": 9.6, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "source": {"advisory": "cisco-sa-expressway-csrf-KnnZDMj3", "discovery": "INTERNAL", "defects": ["CSCwa25099"]}}, "adp": [{"affected": [{"vendor": "cisco", "product": "telepresence_video_communication_server_software", "cpes": ["cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.8.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.8.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.8.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.8:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.9.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.9.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.9:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.10.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.10.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.10.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.10.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.10.4:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.8:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.9:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.7:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.4:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.5:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.5.6:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.6.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.6.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.6.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.6.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.6.4:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.7.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x12.7.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.11.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.11.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.11.4:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.11.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.11.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.3:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.4:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.5:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.6:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.7:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.8:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.9:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.10:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.0.11:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.2:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.5:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.6:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.2.7:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.3.0:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.3.1:*:*:*:expressway:*:*:*", "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x14.3.2:*:*:*:expressway:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "x8.5.1", "status": "affected"}, {"version": "x8.5.3", "status": "affected"}, {"version": "x8.5", "status": "affected"}, {"version": "x8.6.1", "status": "affected"}, {"version": "x8.6", "status": "affected"}, {"version": "x8.1.1", "status": "affected"}, {"version": "x8.1.2", "status": "affected"}, {"version": "x8.1", "status": "affected"}, {"version": "x8.2.1", "status": "affected"}, {"version": "x8.2.2", "status": "affected"}, {"version": "x8.2", "status": "affected"}, {"version": "x8.7.1", "status": "affected"}, {"version": "x8.7.2", "status": "affected"}, {"version": "x8.7.3", "status": "affected"}, {"version": "x8.7", "status": "affected"}, {"version": "x8.8.1", "status": "affected"}, {"version": "x8.8.2", "status": "affected"}, {"version": "x8.8.3", "status": "affected"}, {"version": "x8.8", "status": "affected"}, {"version": "x8.9.1", "status": "affected"}, {"version": "x8.9.2", "status": "affected"}, {"version": "x8.9", "status": "affected"}, {"version": "x8.10.0", "status": "affected"}, {"version": "x8.10.1", "status": "affected"}, {"version": "x8.10.2", "status": "affected"}, {"version": "x8.10.3", "status": "affected"}, {"version": "x8.10.4", "status": "affected"}, {"version": "x12.5.8", "status": "affected"}, {"version": "x12.5.9", "status": "affected"}, {"version": "x12.5.0", "status": "affected"}, {"version": "x12.5.2", "status": "affected"}, {"version": "x12.5.7", "status": "affected"}, {"version": "x12.5.3", "status": "affected"}, {"version": "x12.5.4", "status": "affected"}, {"version": "x12.5.5", "status": "affected"}, {"version": "x12.5.1", "status": "affected"}, {"version": "x12.5.6", "status": "affected"}, {"version": "x12.6.0", "status": "affected"}, {"version": "x12.6.1", "status": "affected"}, {"version": "x12.6.2", "status": "affected"}, {"version": "x12.6.3", "status": "affected"}, {"version": "x12.6.4", "status": "affected"}, {"version": "x12.7.0", "status": "affected"}, {"version": "x12.7.1", "status": "affected"}, {"version": "x8.11.1", "status": "affected"}, {"version": "x8.11.2", "status": "affected"}, {"version": "x8.11.4", "status": "affected"}, {"version": "x8.11.3", "status": "affected"}, {"version": "x8.11.0", "status": "affected"}, {"version": "x14.0.1", "status": "affected"}, {"version": "x14.0.3", "status": "affected"}, {"version": "x14.0.2", "status": "affected"}, {"version": "x14.0.4", "status": "affected"}, {"version": "x14.0.5", "status": "affected"}, {"version": "x14.0.6", "status": "affected"}, {"version": "x14.0.7", "status": "affected"}, {"version": "x14.0.8", "status": "affected"}, {"version": "x14.0.9", "status": "affected"}, {"version": "x14.0.10", "status": "affected"}, {"version": "x14.0.11", "status": "affected"}, {"version": "x14.2.1", "status": "affected"}, {"version": "x14.2.2", "status": "affected"}, {"version": "x14.2.5", "status": "affected"}, {"version": "x14.2.6", "status": "affected"}, {"version": "x14.2.0", "status": "affected"}, {"version": "x14.2.7", "status": "affected"}, {"version": "x14.3.0", "status": "affected"}, {"version": "x14.3.1", "status": "affected"}, {"version": "x14.3.2", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-08T05:00:09.985386Z", "id": "CVE-2024-20252", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T20:37:52.838Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:52:31.791Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3", "name": "cisco-sa-expressway-csrf-KnnZDMj3", "tags": ["x_transferred"]}]}]}} 
MITRE
Vulnrichment
NVD
Redhat