CVE-2024-20497

Name of the Vulnerable Software and Affected Versions: Cisco Expressway Edge (Expressway-E) (affected versions not specified)

Description: A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to masquerade as another user on an affected system. This issue is due to inadequate authorization checks for Mobile and Remote Access (MRA) users. An attacker could exploit this vulnerability by running a series of crafted commands, potentially allowing them to intercept calls destined for a particular phone number or make phone calls with a spoofed caller ID. The attacker must be an MRA user on an affected system to successfully exploit this vulnerability.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.