From f799ec2b6ad86206158f192951401a4783612419 Mon Sep 17 00:00:00 2001 From: CharlesRN <125233614+CharlesRN@users.noreply.github.com> Date: Fri, 9 Feb 2024 07:51:31 +0800 Subject: [PATCH] Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities (#506) * Cisco Expressway Advisory * Format markdown files * Update 20240208003-Cisco-Expressway-Series-Cross_Site-Request-Forgery.md changing of links * Format markdown files --------- Co-authored-by: GitHub Actions Co-authored-by: Joshua Hitchen (DGov) <86041569+DGovEnterprise@users.noreply.github.com> --- ...ssway-Series-Cross_Site-Request-Forgery.md | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 docs/advisories/20240208003-Cisco-Expressway-Series-Cross_Site-Request-Forgery.md diff --git a/docs/advisories/20240208003-Cisco-Expressway-Series-Cross_Site-Request-Forgery.md b/docs/advisories/20240208003-Cisco-Expressway-Series-Cross_Site-Request-Forgery.md new file mode 100644 index 00000000..a6627d67 --- /dev/null +++ b/docs/advisories/20240208003-Cisco-Expressway-Series-Cross_Site-Request-Forgery.md 
@@ -0,0 +1,25 @@ +# Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities - 20240208003 + +## Overview + +Cisco has released a security advisory relating to multiple vulnerabilities for their Cisco Expressway product that could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks and perform arbitrary actions on an affected device. + +## What is vulnerable? + +| Product(s) Affected | Summary | Severity | CVSS | +| --------------------------------------------------------------------- | ------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---- | +| **[CVE-2024-20252](https://nvd.nist.gov/vuln/detail/CVE-2024-20252)** | | **[CRITICAL](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2024-20252&vector=AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H&version=3.1&source=Cisco%20Systems,%20Inc.)** | 9.6 | +| **[CVE-2024-20254](https://nvd.nist.gov/vuln/detail/CVE-2024-20254)** | | **[CRITICAL](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2024-20254&vector=AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H&version=3.1&source=Cisco%20Systems,%20Inc.)** | 9.6 | +| **[CVE-2024-20255](https://nvd.nist.gov/vuln/detail/CVE-2024-20255)** | | **[HIGH](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2024-20255&vector=AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L&version=3.1&source=Cisco%20Systems,%20Inc.)** | 8.2 | + +## What has been observed? + +There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. 
+ +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)): + +## Additional References + +- [Cisco Security Advisory(cisco.com)](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3)
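Review bot: the "Summary" column in the "What is vulnerable?" table is empty for all three rows (CVE-2024-20252, CVE-2024-20254, CVE-2024-20255), so a reader cannot tell the two critical CSRF issues apart from the high-severity one without leaving the page; each row should carry a one-line summary taken from the linked Cisco advisory. In the "Recommendation" section the sentence "within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):" ends in a colon with nothing following it, so either the trailing colon should become a full stop or the intended list of actions is missing; "within expected timeframe" also reads better as "within the expected timeframe". Minor: the reference link text "Cisco Security Advisory(cisco.com)" is missing a space before the parenthesis.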