Cisco fixes critical Expressway Series CSRF vulnerabilities

Pierluigi Paganini February 08, 2024

CISCO fixed two critical flaws in Expressway Series collaboration gateways exposing vulnerable devices to cross-site request forgery (CSRF) attacks.

Cisco addressed several vulnerabilities in its Expressway Series collaboration gateways, two of which, tracked as CVE-2024-20252 and CVE-2024-20254, are critical flaws that can lead to cross-site request forgery (CSRF) attacks.

“Multiple vulnerabilities in the Cisco Expressway Series could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks, which could allow the attacker to perform arbitrary actions on an affected device.” reads the advisory.

An unauthenticated, remote attacker can exploit the flaws to carry out CSRF attacks on an affected system.

The company states that the two flaws are due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit these vulnerabilities by tricking a user of the API to click on a crafted link.

“A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts.” continues the advisory.

The IT giant also addressed a third CSRF flaw tracked as CVE-2024-20255 can also be exploited to carry out multiple actions, including overwriting system configuration settings, which could prevent the system from processing calls properly and result in a denial of service (DoS) condition.

According to the advisory, CVE-2024-20252 can only be exploited to attack gateways where the cluster database (CDB) API feature has been enabled. CVE-2024-20254 and CVE-2024-20255 only affect Cisco Expressway Series devices in the default configuration.

The company urges customers to upgrade to an appropriate fixed software release:

Cisco Expressway Series ReleaseFirst Fixed Release
Earlier than 14.0Migrate to a fixed release.

Cisco’s Product Security Incident Response Team (PSIRT) is not aware of attacks in the wild exploiting these vulnerabilities.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – Hacking, CSRF)

you might also like

leave a comment