fkie_nvd - fkie_cve-2024-20400

fkie_cve-2024-20400

Vulnerability from fkie_nvd

Published

2024-07-17 17:15

Modified

2025-07-31 16:40

Severity ?

4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Summary

A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.

References

▶	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-redirect-KJsFuXgj	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-redirect-KJsFuXgj	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	telepresence_video_communication_server	x8.1
cisco	telepresence_video_communication_server	x8.1.1
cisco	telepresence_video_communication_server	x8.1.2
cisco	telepresence_video_communication_server	x8.2
cisco	telepresence_video_communication_server	x8.2.1
cisco	telepresence_video_communication_server	x8.2.2
cisco	telepresence_video_communication_server	x8.5
cisco	telepresence_video_communication_server	x8.5.1
cisco	telepresence_video_communication_server	x8.5.3
cisco	telepresence_video_communication_server	x8.6
cisco	telepresence_video_communication_server	x8.6.1
cisco	telepresence_video_communication_server	x8.7
cisco	telepresence_video_communication_server	x8.7.1
cisco	telepresence_video_communication_server	x8.7.2
cisco	telepresence_video_communication_server	x8.7.3
cisco	telepresence_video_communication_server	x8.8
cisco	telepresence_video_communication_server	x8.8.1
cisco	telepresence_video_communication_server	x8.8.2
cisco	telepresence_video_communication_server	x8.8.3
cisco	telepresence_video_communication_server	x8.9
cisco	telepresence_video_communication_server	x8.9.1
cisco	telepresence_video_communication_server	x8.9.2
cisco	telepresence_video_communication_server	x8.10.0
cisco	telepresence_video_communication_server	x8.10.1
cisco	telepresence_video_communication_server	x8.10.2
cisco	telepresence_video_communication_server	x8.10.3
cisco	telepresence_video_communication_server	x8.10.4
cisco	telepresence_video_communication_server	x8.11.0
cisco	telepresence_video_communication_server	x8.11.1
cisco	telepresence_video_communication_server	x8.11.2
cisco	telepresence_video_communication_server	x8.11.3
cisco	telepresence_video_communication_server	x8.11.4
cisco	telepresence_video_communication_server	x12.5.0
cisco	telepresence_video_communication_server	x12.5.1
cisco	telepresence_video_communication_server	x12.5.2
cisco	telepresence_video_communication_server	x12.5.3
cisco	telepresence_video_communication_server	x12.5.4
cisco	telepresence_video_communication_server	x12.5.5
cisco	telepresence_video_communication_server	x12.5.6
cisco	telepresence_video_communication_server	x12.5.7
cisco	telepresence_video_communication_server	x12.5.8
cisco	telepresence_video_communication_server	x12.5.9
cisco	telepresence_video_communication_server	x12.6.0
cisco	telepresence_video_communication_server	x12.6.1
cisco	telepresence_video_communication_server	x12.6.2
cisco	telepresence_video_communication_server	x12.6.3
cisco	telepresence_video_communication_server	x12.6.4
cisco	telepresence_video_communication_server	x12.7.0
cisco	telepresence_video_communication_server	x12.7.1
cisco	telepresence_video_communication_server	x14.0.1
cisco	telepresence_video_communication_server	x14.0.2
cisco	telepresence_video_communication_server	x14.0.3
cisco	telepresence_video_communication_server	x14.0.4
cisco	telepresence_video_communication_server	x14.0.5
cisco	telepresence_video_communication_server	x14.0.6
cisco	telepresence_video_communication_server	x14.0.7
cisco	telepresence_video_communication_server	x14.0.8
cisco	telepresence_video_communication_server	x14.0.9
cisco	telepresence_video_communication_server	x14.0.10
cisco	telepresence_video_communication_server	x14.0.11
cisco	telepresence_video_communication_server	x14.2.0
cisco	telepresence_video_communication_server	x14.2.1
cisco	telepresence_video_communication_server	x14.2.2
cisco	telepresence_video_communication_server	x14.2.5
cisco	telepresence_video_communication_server	x14.2.6
cisco	telepresence_video_communication_server	x14.2.7
cisco	telepresence_video_communication_server	x14.3.0
cisco	telepresence_video_communication_server	x14.3.1
cisco	telepresence_video_communication_server	x14.3.2
cisco	telepresence_video_communication_server	x14.3.3
cisco	telepresence_video_communication_server	x14.3.4
cisco	telepresence_video_communication_server	x14.3.5
cisco	telepresence_video_communication_server	x15.0.0
cisco	telepresence_video_communication_server	x15.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "73A2A365-59AA-48B9-9ABF-914C2B80C7A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "98BDD88B-DF43-4F7C-A6C0-1EECE9C85355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "BE860BF8-AC42-4C10-BC65-9DBF8050E682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "C03A7AEA-8411-4693-84A9-7ADC7F08D87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "0D98AE26-55C9-4BA7-B82C-5B328E689418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "D50E9F77-0575-43E0-AF83-9A932F4D4F73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "9F91E793-E37D-4823-B078-DA96AB422967",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "3F16B185-879A-4BA8-B4EB-B032FC8B9674",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "95FC0285-58F4-4C17-9DB0-0A495A7FE9BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "E9BB8E50-74EF-4726-A069-C90B09201593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "8AEF5B51-8609-40D8-A01B-6696B012FCB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "C0DCF6AA-84C1-4B1A-80B0-6942707D9CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "1590C980-506C-4689-AA91-6C647CC3AF28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "4E9D0839-13E1-4C95-AFEF-3071A977AB5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "6E714552-FDEF-4971-959F-3615E34E6F5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "20A5441C-7798-4EAD-9428-6DA4EF354807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "1BE2198F-DF53-497E-9945-062ADD3787F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "0D7C383F-30E2-4F22-B35D-B73671D1BBCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "B478B2B7-269C-4813-A004-225D90715A08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "CBEB2506-7F1B-4227-B5BD-47B28778D7AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "A000BA48-4ABC-46D4-89EB-CEA8D754B708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "66CBF53D-4174-463A-B902-E50FF63E39B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.0:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "BFFD53C6-D23A-4CEC-AD1C-7D6A8B920566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "F642A732-BA7E-493F-BE62-273997AF3328",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "76688320-EE54-4662-BE15-F721EA55D5D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "7C3B3879-FCDF-4D12-9B81-24EC70FF6CF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "F0B562E3-5E36-4899-A57A-90E653737B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.0:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "EA6FF488-FBED-40E6-92CC-39B8749171C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "F84981B5-0E55-40D6-92F9-57C03A24A44A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "A9A37F14-5F65-4C99-A0E2-EACABEDF2286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "6F7DC504-15CA-4D44-90E5-5684F474A7A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "36BD629F-0183-41C2-9547-08EAE359BD00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.0:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "26301BB9-38C0-473F-9FAF-E5DF70E29A36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "29C38DD2-E763-4B59-83C7-050D08D91637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "684A39DB-7850-4932-922D-9E7A62FC608A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "81B09C18-F930-4B67-8309-7FA0889039C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.4:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "E172DA2A-37B4-4387-AE92-0F0D4F60F736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.5:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "D09EB9B0-5212-4E32-95E9-93BEC53B4AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.6:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "2221FF76-F13A-4E8D-88EB-2757AB6DCDCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.7:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "FBEE5E76-A827-4031-B1C1-4961C277C5F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.8:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "156F7D5E-DC54-4687-B80F-3281C779135F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.9:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "8BDFCFC1-8230-4051-9B5D-73349C288E46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.0:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "98E3BF27-037E-474F-B55A-12750943499D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "9F2CF11F-735B-458F-9F2F-8E2322FC39DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "22089B78-2048-4192-826B-76AA3FAE7E22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "C826FD6A-948C-4B09-8061-E800BD6E1963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.4:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "2CE43D3E-BC2F-4CBC-8213-13028B88B1B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.0:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "60DF84F3-B71E-4860-A6B7-61AB5D201702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "06852E84-8BEC-403D-BB70-07A4F51054E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "6C6A62AC-7214-4FB0-A2C9-82BDEE6D7C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "7090851D-B154-435B-8F25-06E365334D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "D1A6AB08-E97C-4865-B225-0EA77AA73366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.4:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "0EE6F371-C8E2-4B4E-855E-882395C02801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.5:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "711A5AE8-087C-4471-BA1B-C3B70EED1427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.6:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "4B0339D9-9CA8-4376-A60B-94429B993E80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.7:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "3AA3FAD1-7F25-4D57-AA14-822CDE7FE0FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.8:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "9F656226-EAB4-4B9D-965B-872FA62BDA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.9:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "1543EF6E-9B45-4FD4-B435-6579FE7F2C54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.10:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "1AA8FED6-4E07-4C0D-8DF7-605C230B7D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.11:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "0343AAE7-94DF-43E4-AF29-9EC1B320A58E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.0:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "CA0CFF47-8107-40BC-9E29-69E829A7FCE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "89E4FDB4-B74A-4622-A47F-2EDCB6D57F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "CC1B741E-9D6F-428F-B403-2FB0DF52DCE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.5:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "16FDBC96-2C3A-4615-8AE7-90DEB68E2952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.6:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "05AB5287-62D0-4510-B4AF-9AC0A757CE3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.7:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "0DAE5BA7-833B-4FB1-8F04-80FC02BD444F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.0:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "10582312-5717-4A91-AE3E-9A907C8A338B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "8FEE44F0-FBC5-470F-BB66-C1C672032B34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.2:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "8B1EDE63-DE13-47AC-BC19-6F5EB4D00BFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.3:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "B2B49119-47FF-4751-A9EC-D34ABAD3A9E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.4:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "193C4B32-EE7D-42CE-B851-00CDDBA07D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.5:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "9137356B-264C-4D1F-B37A-DB5FE96B1A1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x15.0.0:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "7DB74EB7-1B43-4F61-818C-CACC4661F9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x15.0.1:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "9B8E94B6-6B64-4060-B264-623B7CAA456E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.\r\n\r This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.\r\n\r Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Expressway Series podr\u00eda permitir que un atacante remoto no autenticado redirija a un usuario a una p\u00e1gina web maliciosa. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada incorrecta de los par\u00e1metros de solicitud HTTP. Un atacante podr\u00eda aprovechar esta vulnerabilidad interceptando y modificando una solicitud HTTP de un usuario. Un exploit exitoso podr\u00eda permitir al atacante redirigir al usuario a una p\u00e1gina web maliciosa. Nota: La serie Cisco Expressway se refiere a los dispositivos Cisco Expressway Control (Expressway-C) y Cisco Expressway Edge (Expressway-E)."
    }
  ],
  "id": "CVE-2024-20400",
  "lastModified": "2025-07-31T16:40:38.417",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-17T17:15:13.300",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-redirect-KJsFuXgj"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-redirect-KJsFuXgj"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    }
  ]
}

CVE-2024-20400 (GCVE-0-2024-20400)

Vulnerability from cvelistv5

Published

2024-07-17 16:29

Modified

2024-08-01 21:59