Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities

CVE numbers CVE-2024-20252 and CVE-2024-20254 and CVE-2024-20255

Multiple vulnerabilities in the Cisco Expressway Series could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks, which could allow the attacker to perform arbitrary actions on an affected device.

Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.

CVE-2024-20254 and CVE-2024-20255: These vulnerabilities affect Cisco Expressway Series devices in the default configuration.

CVE-2024-20252: This vulnerability affects Cisco Expressway Series devices if the cluster database (CDB) API feature has been enabled. This feature is disabled by default in Cisco Expressway Series releases 14.2 and later. In releases earlier than Cisco Expressway Series Release 14.2, the cluster database (CDB) API feature is enabled by default and cannot be disabled.

CVE-2024-20252 and CVE-2024-20254: Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities

Two vulnerabilities in the API of Cisco Expressway Series devices could allow an unauthenticated, remote attacker to conduct CSRF attacks on an affected system.

These vulnerabilities are due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit these vulnerabilities by persuading a user of the API to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

CVE-2024-20255: Cisco Expressway Series Cross-Site Request Forgery Vulnerability

A vulnerability in the API of the Cisco Expressway Series could allow an unauthenticated, remote attacker to conduct a CSRF attack on an affected system.

This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the API to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include overwriting system configuration settings, which could prevent the system from processing calls properly and result in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This Cisco advisory is available at :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3