U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-20254

Change History

New CVE Received by NIST 2/07/2024 12:15:10 PM

Action Type Old Value New Value
Added CVSS V3.1

								
							
							
						
Cisco Systems, Inc. AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Added CWE

								
							
							
						
Cisco Systems, Inc. CWE-352
Added Description

								
							
							
						
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. 

 Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.

 For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.
Added Reference

								
							
							
						
Cisco Systems, Inc. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3 [No types assigned]