CVE-2024-20254

Name of the Vulnerable Software and Affected Versions Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) (affected versions not specified)

Description The issue concerns multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) that could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks, performing arbitrary actions on an affected device. This could potentially impact devices worldwide, but the exact number is not specified. The vulnerabilities are related to the application programming interface of the devices, which could be exploited to carry out CSRF attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.