Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
WARNING: CRITICAL VULNERABILITIES IN CISCO EXPRESSWAY SERIES & TELEPRESENCE VCS, PATCH IMMEDIATELY!
Image
Published : 08/02/2024
Reference:
Advisory #2024-21
Version:
1.0
Affected software:
Cisco Expressway series & Cisco TelePresence Video Communication Server (VCS)
Type:
Cross-Site Request Forgery (CSRF)
CVE/CVSS:
CVE-2024-20252: CVSS 9.6 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)CVE-2024-20254: CVSS 9.6 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
Sources
Risks
Multiple vulnerabilities in the Cisco Expressway Series could enable an unauthenticated, remote attacker to carry out cross-site request forgery (CSRF) attacks, allowing the attacker to run arbitrary actions on an affected device.
The Centre for Cyber security Belgium recommends system administrators to patch vulnerable systems as soon as possible. Analyze system and network logs for any suspicious activity. This report has instructions to help your organization.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
Description
Multiple vulnerabilities in the Cisco Expressway Series could enable an unauthenticated, remote attacker to carry out cross-site request forgery (CSRF) attacks, allowing the attacker to run arbitrary actions on an affected device.
An attacker could exploit these vulnerabilities by persuading a user of the API to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.
Cisco has released software patches that address these vulnerabilities.
Recommended Actions
Patch
The Centre for Cyber Security Belgium strongly recommends installing updates for vulnerable software with the highest priority, after thorough testing.
The latest version of the involved product can be found on their website: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.