Critical Vulnerabilities in Cisco Expressway Series

Bar Refael

February 8, 2024

Cisco has disclosed multiple vulnerabilities in its Expressway Series collaboration gateways, with three identified as posing significant risks to network security. Among these, two critical vulnerabilities, CVE-2024-20252 and CVE-2024-20254, enable Cross-Site Request Forgery (CSRF) attacks that could lead to privilege escalation and unauthorized system modifications. A third, less severe vulnerability, CVE-2024-20255, could result in configuration alterations and denial of service (DoS). These findings emphasize the necessity for immediate patch application and heightened security measures.

Vulnerability Details

  • CVE-2024-20252 and CVE-2024-20254 (CVSS 9.6):
    • Type: CSRF
    • Impact: Allow unauthenticated attackers to remotely exploit the vulnerabilities, potentially gaining administrative privileges or executing arbitrary code by deceiving authenticated users into clicking malicious links.
    • Affected Configurations: CVE-2024-20254 and CVE-2024-20255 impact devices with default configurations. CVE-2024-20252 targets systems where the cluster database (CDB) API feature is enabled.
  • CVE-2024-20255 (CVSS 8.2):
    • Type: CSRF
    • Impact: Can be exploited to alter system configurations and trigger DoS conditions, affecting the network’s availability and integrity.

Attack Scenario and Exploitation

Attackers exploiting these vulnerabilities could manipulate authenticated users into executing unintended actions without their knowledge, leading to severe security breaches. The exploitation of these flaws could result in unauthorized creation of user accounts, execution of arbitrary code, and gaining of administrative privileges, thereby compromising sensitive systems and data.

Response and Mitigation

Cisco has released patches for these vulnerabilities as of October 26, 2023. Organizations using affected Cisco Expressway Series products are urged to apply these patches immediately:

  • For versions earlier than 14.0: Migrate to a fixed release.
  • Version 14.0: Update to 14.3.4.
  • Version 15.0: Not vulnerable.

Furthermore, Cisco has announced that the Cisco TelePresence Video Communication Server (VCS) gateway, having reached its end-of-support date on December 31, 2023, will not receive security updates for these vulnerabilities. Organizations still utilizing the VCS gateway should consider alternative measures to mitigate risks.

Threat Landscape and Impact

The disclosure and patching of these vulnerabilities come in the wake of Cisco’s ongoing efforts to secure its network infrastructure products against sophisticated cyber threats. While there have been no reported exploitation attempts or proof-of-concept exploits for these vulnerabilities, the potential impact underscores the importance of maintaining up-to-date security measures.


The recent discovery of CSRF vulnerabilities in Cisco’s Expressway Series collaboration gateways highlights the critical need for vigilance and proactive security practices in protecting network infrastructures. By adhering to Cisco’s patching guidance and implementing robust security protocols, organizations can significantly mitigate the risk posed by these vulnerabilities and safeguard their networks against potential exploits.

Stay informed and secure,

OP Innovate.

Under Cyber Attack?

Fill out the form and we will contact you immediately.

Under Cyber Attack?

Fill out the form and we will contact you immediately.