Cisco has released patches to address multiple cross-site forgery request (CSRF) vulnerabilities discovered in certain versions of its Expressway Series collaboration gateways. The flaws, designated CVE-2024-20252, CVE-2024-20254, and CVE-2024-20255, are critical vulnerabilities that could be remotely exploited by unauthenticated threat actors.
CSRF attacks force users into submitting malicious requests on behalf of the threat actor using the identity and privileges of the victim. A successful attack allows the threat actor to execute arbitrary actions with the same privileges as the affected user. If the affected user has administrative privileges, this could lead to denial-of-service conditions, creation of new privileged accounts, and system re-configuration.
Cisco has advised it has not observed any publicly available proof-of-concept exploit code for the vulnerabilities nor has it observed any exploitation attempts. The company is advising all users of the affected systems to install the latest security patch as soon as possible.
Source: Bleeping Computer
Analysis
This news comes shortly after a security researcher discovered CVE-2024-20253, a maximum severity vulnerability in Cisco’s Unified Communications Manager and Contact Center Solutions products. When exploited, this flaw could allow an unauthenticated, remote threat actor to execute arbitrary code simply by sending a specially crafted message to the vulnerable device.
Fortunately, Cisco has been quick to identify the recent flaws and release patches addressing them, providing threat actors with very little time to develop and deploy exploits against the vulnerable products. However, not all users will update their systems in a timely manner, if at all, giving threat actors with the motivation and skillset a potential opportunity for an attack.
Mitigation
Field Effect’s elite team of Security Intelligence professionals constantly monitor the cyber threat landscape for vulnerabilities discovered in software, appliances, and operating systems. This research contributes to the timely deployment of signatures into Covalence to detect and mitigate the exploitation of these vulnerabilities. Covalence users are automatically notified when vulnerable software is detected in their environment and are encouraged to review these AROs as quickly as possible via the Covalence portal.
Field Effect strongly encourages users of affected Cisco products install the latest security patch as soon as possible in accordance with Cisco’s advisory.
Related articles
