CNVD-2025-06740 — Vulnetix

CNVD-2025-06740 PUBLISHED CVSS 8.199999809265137 HIGH

Cisco Expressway Series是美国思科(Cisco)公司的一款用于防火墙外访问设备的软件。 Cisco Expressway Series存在跨站请求伪造漏洞，攻击者可利用该漏洞修改敏感信息或者执行未授权操作。

Risk Scores

CVSS 3.1

8.199999809265137

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L

Affected Products

Vendor	Product	Versions
Cisco	Cisco TelePresence Video Communication Server (VCS) Expressway	X8.5.1, X8.5.3, X8.5

Exploit Intelligence

CIRCL seen: CVE-2024-20255 (circl-sighting)
CIRCL seen: CVE-2024-20255 (circl-sighting)
CIRCL seen: CVE-2024-20255 (circl-sighting)
CIRCL seen: CVE-2024-20255 (circl-sighting)
CIRCL seen: CVE-2024-20255 (circl-sighting)
CIRCL seen: CVE-2024-20255 (circl-sighting)
CIRCL seen: CVE-2024-20255 (circl-sighting)
cisco-sa-expressway-csrf-KnnZDMj3 (circl)

Timeline

Feb 7, 2024 CVE Published
Feb 7, 2024 PoC Published
Feb 8, 2024 PoC Published
Feb 8, 2024 PoC Published
Feb 8, 2024 PoC Published
Feb 8, 2024 PoC Published
Feb 8, 2024 PoC Published
Mar 1, 2024 PoC Published

References

cisco-sa-expressway-csrf-KnnZDMj3 url

Open in Interactive Console →

$ Console Community · 100/wk Open console ›