CVE-2024-20252
Published: 07 February 2024
Summary
CVE-2024-20252 is a critical-severity CSRF (CWE-352) vulnerability in Cisco Expressway. Its CVSS base score is 9.6 (Critical).
Operationally, ranked in the top 12.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-20252 is a cross-site request forgery vulnerability (CWE-352) affecting Cisco Expressway Series devices, specifically Expressway-C and Expressway-E, as well as Cisco TelePresence Video Communication Server (VCS). The flaw enables an unauthenticated remote attacker to trigger arbitrary actions on the device through maliciously crafted web requests.
An attacker can exploit the issue by luring an authenticated administrator into interacting with attacker-controlled content, resulting in unauthorized configuration changes or other actions with high impact to confidentiality, integrity, and availability. The CVSS 9.6 score reflects network attack vector, low complexity, no required privileges, and required user interaction that nonetheless yields critical scope.
EPSS for the CVE rose from low values to a peak of 0.0736 on 2025-12-11 before receding to the current 0.0338, indicating a temporary increase in observed exploitation interest after disclosure. The primary Cisco advisory at the referenced URL contains official mitigation guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-17967
Vulnerability details
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to…
more
Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Awareness training educates users on avoiding untrusted links and actions that can be exploited via CSRF.
Requiring user re-entry of credentials for sensitive actions prevents automated forgery of requests without active user participation.
Security testing regimens explicitly include checks for missing or ineffective anti-CSRF protections in web applications.
Detects anomalous request patterns consistent with cross-site request forgery.