Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Expressway Edge Improper Authorization Vulnerability

cisco-sa-expressway-auth-kdFrcZ2j · Medium · Published · Updated

A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access (MRA) users. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to intercept calls that are destined for a particular phone number or to make phone calls and have that phone number appear on the caller ID. To successfully exploit this vulnerability, the attacker must be an MRA user on an affected system. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-auth-kdFrcZ2j


Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2024-20497
Cisco Bug IDs: CSCwa25058
CVSS Score: Base 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X)
Product Names From Source: Cisco TelePresence Video Communication Server (VCS) Expressway

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco TelePresence Video Communication Server (VCS) Expressway | CVE-2024-20497 | Cisco OpenVuln |
| Cisco TelePresence Video Communication Server (VCS) | CVE-2024-20497 | Cisco OpenVuln |
| Cisco TelePresence | CVE-2024-20497 | Cisco OpenVuln |
| Cisco Expressway | CVE-2024-20497 | Cisco OpenVuln |