Cyber Resilience

CVE-2024-20252

Critical

Published: 07 February 2024

Published
07 February 2024
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0338 87.6th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-20252 is a critical-severity CSRF (CWE-352) vulnerability in Cisco Expressway. Its CVSS base score is 9.6 (Critical).

Operationally, ranked in the top 12.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2024-20252 is a cross-site request forgery vulnerability (CWE-352) affecting Cisco Expressway Series devices, specifically Expressway-C and Expressway-E, as well as Cisco TelePresence Video Communication Server (VCS). The flaw enables an unauthenticated remote attacker to trigger arbitrary actions on the device through maliciously crafted web requests.

An attacker can exploit the issue by luring an authenticated administrator into interacting with attacker-controlled content, resulting in unauthorized configuration changes or other actions with high impact to confidentiality, integrity, and availability. The CVSS 9.6 score reflects network attack vector, low complexity, no required privileges, and required user interaction that nonetheless yields critical scope.

EPSS for the CVE rose from low values to a peak of 0.0736 on 2025-12-11 before receding to the current 0.0338, indicating a temporary increase in observed exploitation interest after disclosure. The primary Cisco advisory at the referenced URL contains official mitigation guidance.

EU & UK References

Vulnerability details

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to…

more

Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
expressway
≤ 15.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-352

Awareness training educates users on avoiding untrusted links and actions that can be exploited via CSRF.

addresses: CWE-352

Requiring user re-entry of credentials for sensitive actions prevents automated forgery of requests without active user participation.

addresses: CWE-352

Security testing regimens explicitly include checks for missing or ineffective anti-CSRF protections in web applications.

addresses: CWE-352

Detects anomalous request patterns consistent with cross-site request forgery.

References