CVE-2024-20400

Severity: Medium · CVSS 3.1: 4.7 · EPSS: 29.6%
Published Jul 17, 2024 · Modified Jun 17, 2026

Description

A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.

CVSS Details

Base Score: 4.7
Exploitability: 2.8
Impact: 1.4
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: None
Integrity: Low
Availability: None

Threat Intelligence

EPSS Exploit Probability: 29.6% percentile
Exploit & Patch Status: No Known Exploit; No Patch Available

Weaknesses 1

CWE-601

Affected Products 74

Vendor  Product                                 Version   Range
cisco   telepresence_video_communication_server  x8.1      any
cisco   telepresence_video_communication_server  x8.1.1    any
cisco   telepresence_video_communication_server  x8.1.2    any
cisco   telepresence_video_communication_server  x8.2      any
cisco   telepresence_video_communication_server  x8.2.1    any
cisco   telepresence_video_communication_server  x8.2.2    any
cisco   telepresence_video_communication_server  x8.5      any
cisco   telepresence_video_communication_server  x8.5.1    any
cisco   telepresence_video_communication_server  x8.5.3    any
cisco   telepresence_video_communication_server  x8.6      any
cisco   telepresence_video_communication_server  x8.6.1    any
cisco   telepresence_video_communication_server  x8.7      any
cisco   telepresence_video_communication_server  x8.7.1    any
cisco   telepresence_video_communication_server  x8.7.2    any
cisco   telepresence_video_communication_server  x8.7.3    any
cisco   telepresence_video_communication_server  x8.8      any
cisco   telepresence_video_communication_server  x8.8.1    any
cisco   telepresence_video_communication_server  x8.8.2    any
cisco   telepresence_video_communication_server  x8.8.3    any
cisco   telepresence_video_communication_server  x8.9      any
cisco   telepresence_video_communication_server  x8.9.1    any
cisco   telepresence_video_communication_server  x8.9.2    any
cisco   telepresence_video_communication_server  x8.10.0   any
cisco   telepresence_video_communication_server  x8.10.1   any
cisco   telepresence_video_communication_server  x8.10.2   any
cisco   telepresence_video_communication_server  x8.10.3   any
cisco   telepresence_video_communication_server  x8.10.4   any
cisco   telepresence_video_communication_server  x8.11.0   any
cisco   telepresence_video_communication_server  x8.11.1   any
cisco   telepresence_video_communication_server  x8.11.2   any
cisco   telepresence_video_communication_server  x8.11.3   any
cisco   telepresence_video_communication_server  x8.11.4   any
cisco   telepresence_video_communication_server  x12.5.0   any
cisco   telepresence_video_communication_server  x12.5.1   any
cisco   telepresence_video_communication_server  x12.5.2   any
cisco   telepresence_video_communication_server  x12.5.3   any
cisco   telepresence_video_communication_server  x12.5.4   any
cisco   telepresence_video_communication_server  x12.5.5   any
cisco   telepresence_video_communication_server  x12.5.6   any
cisco   telepresence_video_communication_server  x12.5.7   any
cisco   telepresence_video_communication_server  x12.5.8   any
cisco   telepresence_video_communication_server  x12.5.9   any
cisco   telepresence_video_communication_server  x12.6.0   any
cisco   telepresence_video_communication_server  x12.6.1   any
cisco   telepresence_video_communication_server  x12.6.2   any
cisco   telepresence_video_communication_server  x12.6.3   any
cisco   telepresence_video_communication_server  x12.6.4   any
cisco   telepresence_video_communication_server  x12.7.0   any
cisco   telepresence_video_communication_server  x12.7.1   any
cisco   telepresence_video_communication_server  x14.0.1   any
cisco   telepresence_video_communication_server  x14.0.2   any
cisco   telepresence_video_communication_server  x14.0.3   any
cisco   telepresence_video_communication_server  x14.0.4   any
cisco   telepresence_video_communication_server  x14.0.5   any
cisco   telepresence_video_communication_server  x14.0.6   any
cisco   telepresence_video_communication_server  x14.0.7   any
cisco   telepresence_video_communication_server  x14.0.8   any
cisco   telepresence_video_communication_server  x14.0.9   any
cisco   telepresence_video_communication_server  x14.0.10  any
cisco   telepresence_video_communication_server  x14.0.11  any
cisco   telepresence_video_communication_server  x14.2.0   any
cisco   telepresence_video_communication_server  x14.2.1   any
cisco   telepresence_video_communication_server  x14.2.2   any
cisco   telepresence_video_communication_server  x14.2.5   any
cisco   telepresence_video_communication_server  x14.2.6   any
cisco   telepresence_video_communication_server  x14.2.7   any
cisco   telepresence_video_communication_server  x14.3.0   any
cisco   telepresence_video_communication_server  x14.3.1   any
cisco   telepresence_video_communication_server  x14.3.2   any
cisco   telepresence_video_communication_server  x14.3.3   any
cisco   telepresence_video_communication_server  x14.3.4   any
cisco   telepresence_video_communication_server  x14.3.5   any
cisco   telepresence_video_communication_server  x15.0.0   any
cisco   telepresence_video_communication_server  x15.0.1   any

References 1

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-redirect-KJsFuXgj (Vendor Advisory)

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.