{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20400", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2023-11-08T15:08:07.660Z", "datePublished": "2024-07-17T16:29:36.302Z", "dateUpdated": "2024-08-01T21:59:41.611Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-07-17T16:29:36.302Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.\r\n\r This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.\r\n\r Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices."}], "affected": [{"vendor": "Cisco", "product": "Cisco TelePresence Video Communication Server (VCS) Expressway", "versions": [{"version": "X8.5.1", "status": "affected"}, {"version": "X8.5.3", "status": "affected"}, {"version": "X8.5", "status": "affected"}, {"version": "X8.6.1", "status": "affected"}, {"version": "X8.6", "status": "affected"}, {"version": "X8.1.1", "status": "affected"}, {"version": "X8.1.2", "status": "affected"}, {"version": "X8.1", "status": "affected"}, {"version": "X8.2.1", "status": "affected"}, {"version": "X8.2.2", "status": "affected"}, {"version": "X8.2", "status": "affected"}, {"version": "X8.7.1", "status": "affected"}, {"version": "X8.7.2", "status": "affected"}, {"version": "X8.7.3", "status": "affected"}, {"version": "X8.7", "status": "affected"}, {"version": "X8.8.1", "status": "affected"}, {"version": "X8.8.2", "status": "affected"}, {"version": "X8.8.3", "status": "affected"}, {"version": "X8.8", "status": "affected"}, {"version": "X8.9.1", "status": "affected"}, {"version": "X8.9.2", "status": "affected"}, {"version": "X8.9", "status": "affected"}, {"version": "X8.10.0", "status": "affected"}, {"version": "X8.10.1", "status": "affected"}, {"version": "X8.10.2", "status": "affected"}, {"version": "X8.10.3", "status": "affected"}, {"version": "X8.10.4", "status": "affected"}, {"version": "X12.5.8", "status": "affected"}, {"version": "X12.5.9", "status": "affected"}, {"version": "X12.5.0", "status": "affected"}, {"version": "X12.5.2", "status": "affected"}, {"version": "X12.5.7", "status": "affected"}, {"version": "X12.5.3", "status": "affected"}, {"version": "X12.5.4", "status": "affected"}, {"version": "X12.5.5", "status": "affected"}, {"version": "X12.5.1", "status": "affected"}, {"version": "X12.5.6", "status": "affected"}, {"version": "X12.6.0", "status": "affected"}, {"version": "X12.6.1", "status": "affected"}, {"version": "X12.6.2", "status": "affected"}, {"version": "X12.6.3", "status": "affected"}, {"version": "X12.6.4", "status": "affected"}, {"version": "X12.7.0", "status": "affected"}, {"version": "X12.7.1", "status": "affected"}, {"version": "X8.11.1", "status": "affected"}, {"version": "X8.11.2", "status": "affected"}, {"version": "X8.11.4", "status": "affected"}, {"version": "X8.11.3", "status": "affected"}, {"version": "X8.11.0", "status": "affected"}, {"version": "X14.0.1", "status": "affected"}, {"version": "X14.0.3", "status": "affected"}, {"version": "X14.0.2", "status": "affected"}, {"version": "X14.0.4", "status": "affected"}, {"version": "X14.0.5", "status": "affected"}, {"version": "X14.0.6", "status": "affected"}, {"version": "X14.0.7", "status": "affected"}, {"version": "X14.0.8", "status": "affected"}, {"version": "X14.0.9", "status": "affected"}, {"version": "X14.0.10", "status": "affected"}, {"version": "X14.0.11", "status": "affected"}, {"version": "X14.2.1", "status": "affected"}, {"version": "X14.2.2", "status": "affected"}, {"version": "X14.2.5", "status": "affected"}, {"version": "X14.2.6", "status": "affected"}, {"version": "X14.2.0", "status": "affected"}, {"version": "X14.2.7", "status": "affected"}, {"version": "X14.3.0", "status": "affected"}, {"version": "X14.3.1", "status": "affected"}, {"version": "X14.3.2", "status": "affected"}, {"version": "X14.3.3", "status": "affected"}, {"version": "X14.3.4", "status": "affected"}, {"version": "X14.3.5", "status": "affected"}, {"version": "X15.0.0", "status": "affected"}, {"version": "X15.0.1", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "URL Redirection to Untrusted Site ('Open Redirect')", "type": "cwe", "cweId": "CWE-601"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-redirect-KJsFuXgj", "name": "cisco-sa-expressway-redirect-KJsFuXgj"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-expressway-redirect-KJsFuXgj", "discovery": "INTERNAL", "defects": ["CSCwa25104"]}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-17T16:51:59.501192Z", "id": "CVE-2024-20400", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T16:52:12.586Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:59:41.611Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-redirect-KJsFuXgj", "name": "cisco-sa-expressway-redirect-KJsFuXgj", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-redirect-KJsFuXgj", "name": "cisco-sa-expressway-redirect-KJsFuXgj", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:59:41.611Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-20400", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-17T16:51:59.501192Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T16:52:08.000Z"}}], "cna": {"source": {"defects": ["CSCwa25104"], "advisory": "cisco-sa-expressway-redirect-KJsFuXgj", "discovery": "INTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco TelePresence Video Communication Server (VCS) Expressway", "versions": [{"status": "affected", "version": "X8.5.1"}, {"status": "affected", "version": "X8.5.3"}, {"status": "affected", "version": "X8.5"}, {"status": "affected", "version": "X8.6.1"}, {"status": "affected", "version": "X8.6"}, {"status": "affected", "version": "X8.1.1"}, {"status": "affected", "version": "X8.1.2"}, {"status": "affected", "version": "X8.1"}, {"status": "affected", "version": "X8.2.1"}, {"status": "affected", "version": "X8.2.2"}, {"status": "affected", "version": "X8.2"}, {"status": "affected", "version": "X8.7.1"}, {"status": "affected", "version": "X8.7.2"}, {"status": "affected", "version": "X8.7.3"}, {"status": "affected", "version": "X8.7"}, {"status": "affected", "version": "X8.8.1"}, {"status": "affected", "version": "X8.8.2"}, {"status": "affected", "version": "X8.8.3"}, {"status": "affected", "version": "X8.8"}, {"status": "affected", "version": "X8.9.1"}, {"status": "affected", "version": "X8.9.2"}, {"status": "affected", "version": "X8.9"}, {"status": "affected", "version": "X8.10.0"}, {"status": "affected", "version": "X8.10.1"}, {"status": "affected", "version": "X8.10.2"}, {"status": "affected", "version": "X8.10.3"}, {"status": "affected", "version": "X8.10.4"}, {"status": "affected", "version": "X12.5.8"}, {"status": "affected", "version": "X12.5.9"}, {"status": "affected", "version": "X12.5.0"}, {"status": "affected", "version": "X12.5.2"}, {"status": "affected", "version": "X12.5.7"}, {"status": "affected", "version": "X12.5.3"}, {"status": "affected", "version": "X12.5.4"}, {"status": "affected", "version": "X12.5.5"}, {"status": "affected", "version": "X12.5.1"}, {"status": "affected", "version": "X12.5.6"}, {"status": "affected", "version": "X12.6.0"}, {"status": "affected", "version": "X12.6.1"}, {"status": "affected", "version": "X12.6.2"}, {"status": "affected", "version": "X12.6.3"}, {"status": "affected", "version": "X12.6.4"}, {"status": "affected", "version": "X12.7.0"}, {"status": "affected", "version": "X12.7.1"}, {"status": "affected", "version": "X8.11.1"}, {"status": "affected", "version": "X8.11.2"}, {"status": "affected", "version": "X8.11.4"}, {"status": "affected", "version": "X8.11.3"}, {"status": "affected", "version": "X8.11.0"}, {"status": "affected", "version": "X14.0.1"}, {"status": "affected", "version": "X14.0.3"}, {"status": "affected", "version": "X14.0.2"}, {"status": "affected", "version": "X14.0.4"}, {"status": "affected", "version": "X14.0.5"}, {"status": "affected", "version": "X14.0.6"}, {"status": "affected", "version": "X14.0.7"}, {"status": "affected", "version": "X14.0.8"}, {"status": "affected", "version": "X14.0.9"}, {"status": "affected", "version": "X14.0.10"}, {"status": "affected", "version": "X14.0.11"}, {"status": "affected", "version": "X14.2.1"}, {"status": "affected", "version": "X14.2.2"}, {"status": "affected", "version": "X14.2.5"}, {"status": "affected", "version": "X14.2.6"}, {"status": "affected", "version": "X14.2.0"}, {"status": "affected", "version": "X14.2.7"}, {"status": "affected", "version": "X14.3.0"}, {"status": "affected", "version": "X14.3.1"}, {"status": "affected", "version": "X14.3.2"}, {"status": "affected", "version": "X14.3.3"}, {"status": "affected", "version": "X14.3.4"}, {"status": "affected", "version": "X14.3.5"}, {"status": "affected", "version": "X15.0.0"}, {"status": "affected", "version": "X15.0.1"}]}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-redirect-KJsFuXgj", "name": "cisco-sa-expressway-redirect-KJsFuXgj"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.\r\n\r This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.\r\n\r Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-601", "description": "URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-07-17T16:29:36.302Z"}}}, "cveMetadata": {"cveId": "CVE-2024-20400", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:59:41.611Z", "dateReserved": "2023-11-08T15:08:07.660Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2024-07-17T16:29:36.302Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "73A2A365-59AA-48B9-9ABF-914C2B80C7A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "98BDD88B-DF43-4F7C-A6C0-1EECE9C85355", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "BE860BF8-AC42-4C10-BC65-9DBF8050E682", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "C03A7AEA-8411-4693-84A9-7ADC7F08D87C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "0D98AE26-55C9-4BA7-B82C-5B328E689418", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "D50E9F77-0575-43E0-AF83-9A932F4D4F73", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:*:*:*:expressway:*:*:*", "matchCriteriaId": "9F91E793-E37D-4823-B078-DA96AB422967", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "3F16B185-879A-4BA8-B4EB-B032FC8B9674", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:expressway:*:*:*", "matchCriteriaId": "95FC0285-58F4-4C17-9DB0-0A495A7FE9BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6:*:*:*:expressway:*:*:*", "matchCriteriaId": "E9BB8E50-74EF-4726-A069-C90B09201593", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "8AEF5B51-8609-40D8-A01B-6696B012FCB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:expressway:*:*:*", "matchCriteriaId": "C0DCF6AA-84C1-4B1A-80B0-6942707D9CAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "1590C980-506C-4689-AA91-6C647CC3AF28", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "4E9D0839-13E1-4C95-AFEF-3071A977AB5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:expressway:*:*:*", "matchCriteriaId": "6E714552-FDEF-4971-959F-3615E34E6F5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:expressway:*:*:*", "matchCriteriaId": "20A5441C-7798-4EAD-9428-6DA4EF354807", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "1BE2198F-DF53-497E-9945-062ADD3787F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "0D7C383F-30E2-4F22-B35D-B73671D1BBCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.3:*:*:*:expressway:*:*:*", "matchCriteriaId": "B478B2B7-269C-4813-A004-225D90715A08", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:expressway:*:*:*", "matchCriteriaId": "CBEB2506-7F1B-4227-B5BD-47B28778D7AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "A000BA48-4ABC-46D4-89EB-CEA8D754B708", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "66CBF53D-4174-463A-B902-E50FF63E39B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.0:*:*:*:expressway:*:*:*", "matchCriteriaId": "BFFD53C6-D23A-4CEC-AD1C-7D6A8B920566", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "F642A732-BA7E-493F-BE62-273997AF3328", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "76688320-EE54-4662-BE15-F721EA55D5D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.3:*:*:*:expressway:*:*:*", "matchCriteriaId": "7C3B3879-FCDF-4D12-9B81-24EC70FF6CF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:*:*:*:expressway:*:*:*", "matchCriteriaId": "F0B562E3-5E36-4899-A57A-90E653737B09", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.0:*:*:*:expressway:*:*:*", "matchCriteriaId": "EA6FF488-FBED-40E6-92CC-39B8749171C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "F84981B5-0E55-40D6-92F9-57C03A24A44A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "A9A37F14-5F65-4C99-A0E2-EACABEDF2286", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.3:*:*:*:expressway:*:*:*", "matchCriteriaId": "6F7DC504-15CA-4D44-90E5-5684F474A7A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:expressway:*:*:*", "matchCriteriaId": "36BD629F-0183-41C2-9547-08EAE359BD00", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.0:*:*:*:expressway:*:*:*", "matchCriteriaId": "26301BB9-38C0-473F-9FAF-E5DF70E29A36", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "29C38DD2-E763-4B59-83C7-050D08D91637", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "684A39DB-7850-4932-922D-9E7A62FC608A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.3:*:*:*:expressway:*:*:*", "matchCriteriaId": "81B09C18-F930-4B67-8309-7FA0889039C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.4:*:*:*:expressway:*:*:*", "matchCriteriaId": "E172DA2A-37B4-4387-AE92-0F0D4F60F736", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.5:*:*:*:expressway:*:*:*", "matchCriteriaId": "D09EB9B0-5212-4E32-95E9-93BEC53B4AA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.6:*:*:*:expressway:*:*:*", "matchCriteriaId": "2221FF76-F13A-4E8D-88EB-2757AB6DCDCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.7:*:*:*:expressway:*:*:*", "matchCriteriaId": "FBEE5E76-A827-4031-B1C1-4961C277C5F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.8:*:*:*:expressway:*:*:*", "matchCriteriaId": "156F7D5E-DC54-4687-B80F-3281C779135F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.9:*:*:*:expressway:*:*:*", "matchCriteriaId": "8BDFCFC1-8230-4051-9B5D-73349C288E46", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.0:*:*:*:expressway:*:*:*", "matchCriteriaId": "98E3BF27-037E-474F-B55A-12750943499D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "9F2CF11F-735B-458F-9F2F-8E2322FC39DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "22089B78-2048-4192-826B-76AA3FAE7E22", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.3:*:*:*:expressway:*:*:*", "matchCriteriaId": "C826FD6A-948C-4B09-8061-E800BD6E1963", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.4:*:*:*:expressway:*:*:*", "matchCriteriaId": "2CE43D3E-BC2F-4CBC-8213-13028B88B1B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.0:*:*:*:expressway:*:*:*", "matchCriteriaId": "60DF84F3-B71E-4860-A6B7-61AB5D201702", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "06852E84-8BEC-403D-BB70-07A4F51054E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "6C6A62AC-7214-4FB0-A2C9-82BDEE6D7C7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "7090851D-B154-435B-8F25-06E365334D68", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.3:*:*:*:expressway:*:*:*", "matchCriteriaId": "D1A6AB08-E97C-4865-B225-0EA77AA73366", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.4:*:*:*:expressway:*:*:*", "matchCriteriaId": "0EE6F371-C8E2-4B4E-855E-882395C02801", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.5:*:*:*:expressway:*:*:*", "matchCriteriaId": "711A5AE8-087C-4471-BA1B-C3B70EED1427", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.6:*:*:*:expressway:*:*:*", "matchCriteriaId": "4B0339D9-9CA8-4376-A60B-94429B993E80", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.7:*:*:*:expressway:*:*:*", "matchCriteriaId": "3AA3FAD1-7F25-4D57-AA14-822CDE7FE0FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.8:*:*:*:expressway:*:*:*", "matchCriteriaId": "9F656226-EAB4-4B9D-965B-872FA62BDA26", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.9:*:*:*:expressway:*:*:*", "matchCriteriaId": "1543EF6E-9B45-4FD4-B435-6579FE7F2C54", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.10:*:*:*:expressway:*:*:*", "matchCriteriaId": "1AA8FED6-4E07-4C0D-8DF7-605C230B7D21", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.11:*:*:*:expressway:*:*:*", "matchCriteriaId": "0343AAE7-94DF-43E4-AF29-9EC1B320A58E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.0:*:*:*:expressway:*:*:*", "matchCriteriaId": "CA0CFF47-8107-40BC-9E29-69E829A7FCE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "89E4FDB4-B74A-4622-A47F-2EDCB6D57F57", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "CC1B741E-9D6F-428F-B403-2FB0DF52DCE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.5:*:*:*:expressway:*:*:*", "matchCriteriaId": "16FDBC96-2C3A-4615-8AE7-90DEB68E2952", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.6:*:*:*:expressway:*:*:*", "matchCriteriaId": "05AB5287-62D0-4510-B4AF-9AC0A757CE3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.7:*:*:*:expressway:*:*:*", "matchCriteriaId": "0DAE5BA7-833B-4FB1-8F04-80FC02BD444F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.0:*:*:*:expressway:*:*:*", "matchCriteriaId": "10582312-5717-4A91-AE3E-9A907C8A338B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "8FEE44F0-FBC5-470F-BB66-C1C672032B34", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "8B1EDE63-DE13-47AC-BC19-6F5EB4D00BFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.3:*:*:*:expressway:*:*:*", "matchCriteriaId": "B2B49119-47FF-4751-A9EC-D34ABAD3A9E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.4:*:*:*:expressway:*:*:*", "matchCriteriaId": "193C4B32-EE7D-42CE-B851-00CDDBA07D40", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.5:*:*:*:expressway:*:*:*", "matchCriteriaId": "9137356B-264C-4D1F-B37A-DB5FE96B1A1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x15.0.0:*:*:*:expressway:*:*:*", "matchCriteriaId": "7DB74EB7-1B43-4F61-818C-CACC4661F9DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x15.0.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "9B8E94B6-6B64-4060-B264-623B7CAA456E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.\r\n\r This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.\r\n\r Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Expressway Series podr\u00eda permitir que un atacante remoto no autenticado redirija a un usuario a una p\u00e1gina web maliciosa. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada incorrecta de los par\u00e1metros de solicitud HTTP. Un atacante podr\u00eda aprovechar esta vulnerabilidad interceptando y modificando una solicitud HTTP de un usuario. Un exploit exitoso podr\u00eda permitir al atacante redirigir al usuario a una p\u00e1gina web maliciosa. Nota: La serie Cisco Expressway se refiere a los dispositivos Cisco Expressway Control (Expressway-C) y Cisco Expressway Edge (Expressway-E)."}], "id": "CVE-2024-20400", "lastModified": "2025-07-31T16:40:38.417", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@cisco.com", "type": "Secondary"}]}, "published": "2024-07-17T17:15:13.300", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-redirect-KJsFuXgj"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-redirect-KJsFuXgj"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "psirt@cisco.com", "type": "Secondary"}]}

{}

{"created": "2025-07-12T22:00:59.578726+00:00", "updated": "2025-07-12T22:00:59.578795+00:00", "vendors": ["cisco", "cisco$PRODUCT$expressway"]}