Open Nav
Sign Up

Critical Vulnerabilities in Cisco Expressway Series

Bar Refael

February 8, 2024

Cisco has disclosed multiple vulnerabilities in its Expressway Series collaboration gateways, with three identified as posing significant risks to network security. Among these, two critical vulnerabilities, CVE-2024-20252 and CVE-2024-20254, enable Cross-Site Request Forgery (CSRF) attacks that could lead to privilege escalation and unauthorized system modifications. A third, less severe vulnerability, CVE-2024-20255, could result in configuration alterations and denial of service (DoS). These findings emphasize the necessity for immediate patch application and heightened security measures.

Vulnerability Details

  • CVE-2024-20252 and CVE-2024-20254 (CVSS 9.6):
    • Type: CSRF
    • Impact: Allow unauthenticated attackers to remotely exploit the vulnerabilities, potentially gaining administrative privileges or executing arbitrary code by deceiving authenticated users into clicking malicious links.
    • Affected Configurations: CVE-2024-20254 and CVE-2024-20255 impact devices with default configurations. CVE-2024-20252 targets systems where the cluster database (CDB) API feature is enabled.
  • CVE-2024-20255 (CVSS 8.2):
    • Type: CSRF
    • Impact: Can be exploited to alter system configurations and trigger DoS conditions, affecting the network’s availability and integrity.

Attack Scenario and Exploitation

Attackers exploiting these vulnerabilities could manipulate authenticated users into executing unintended actions without their knowledge, leading to severe security breaches. The exploitation of these flaws could result in unauthorized creation of user accounts, execution of arbitrary code, and gaining of administrative privileges, thereby compromising sensitive systems and data.

Response and Mitigation

Cisco has released patches for these vulnerabilities as of October 26, 2023. Organizations using affected Cisco Expressway Series products are urged to apply these patches immediately:

  • For versions earlier than 14.0: Migrate to a fixed release.
  • Version 14.0: Update to 14.3.4.
  • Version 15.0: Not vulnerable.

Furthermore, Cisco has announced that the Cisco TelePresence Video Communication Server (VCS) gateway, having reached its end-of-support date on December 31, 2023, will not receive security updates for these vulnerabilities. Organizations still utilizing the VCS gateway should consider alternative measures to mitigate risks.

Threat Landscape and Impact

The disclosure and patching of these vulnerabilities come in the wake of Cisco’s ongoing efforts to secure its network infrastructure products against sophisticated cyber threats. While there have been no reported exploitation attempts or proof-of-concept exploits for these vulnerabilities, the potential impact underscores the importance of maintaining up-to-date security measures.

Conclusion

The recent discovery of CSRF vulnerabilities in Cisco’s Expressway Series collaboration gateways highlights the critical need for vigilance and proactive security practices in protecting network infrastructures. By adhering to Cisco’s patching guidance and implementing robust security protocols, organizations can significantly mitigate the risk posed by these vulnerabilities and safeguard their networks against potential exploits.

Stay informed and secure,

OP Innovate.

Resources highlights

Critical Gitea Docker Authentication Bypass Under Active Probing: CVE-2026-20896

A critical authentication bypass vulnerability, tracked as CVE-2026-20896, has been disclosed in the official Gitea Docker image. Gitea is a self-hosted software development platform used…

Read more >

gitea_docker_cve-2026-20896

Adobe Patches Multiple Critical ColdFusion and Campaign Classic Vulnerabilities: CVE-2026-48282 Exploitation Observed

Adobe has released security updates for multiple critical vulnerabilities affecting Adobe ColdFusion and Adobe Campaign Classic, including several flaws rated CVSS 10.0.CVE-2026-48282, a critical ColdFusion…

Read more >

adobe_coldfusion_campaign classic_cve-2026-48282

CVE-2026-46817: Critical Oracle E-Business Suite Vulnerability

A critical vulnerability in Oracle E-Business Suite is now being actively exploited in the wild. Tracked as CVE-2026-46817, the flaw affects the File Transmission component…

Read more >

cve-2026-46817-oracle-e-business

Cisco Unified CM Vulnerability CVE-2026-20230 Targeted After Public PoC Disclosure 

Cisco has disclosed and patched CVE-2026-20230, a critical SSRF vulnerability affecting Cisco Unified Communications Manager and Unified CM SME when the WebDialer service is enabled.…

Read more >

CVE-2026-20230

Microsoft Confirms Unpatched RoguePlanet Defender Zero-Day (CVE-2026-50656)

Microsoft has confirmed a new Microsoft Defender zero-day vulnerability tracked as CVE-2026-50656 and publicly referred to as RoguePlanet. The flaw affects the Microsoft Malware Protection…

Read more >

RoguePlanet_cve-2026-50656

FortiBleed Campaign Exposes Fortinet Firewall and VPN Credentials at Scale

A large-scale credential abuse campaign dubbed FortiBleed has reportedly affected tens of thousands of Fortinet firewall and VPN devices worldwide. Public reporting indicates that threat…

Read more >

fortibleed
Under Cyber Attack?

Fill out the form and we will contact you immediately.