A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.
References
Link | Resource |
---|---|
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cisco
Published: 2024-02-07T16:15:36.068Z
Updated: 2024-02-07T16:15:36.068Z
Reserved: 2023-11-08T15:08:07.622Z
Link: CVE-2024-20255
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-02-07T17:15:10.327
Modified: 2024-02-15T15:54:19.960
Link: CVE-2024-20255
JSON object: View
Redhat Information
No data.
CWE