vulnerability

Cisco TelePresence Video Communication Server (VCS) Expressway: CVE-2024-20497: Cisco Expressway Edge Improper Authorization Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:N/I:P/A:N)	Sep 4, 2024	Sep 30, 2024	Jun 23, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:P/A:N)

Published

Sep 4, 2024

Added

Sep 30, 2024

Modified

Jun 23, 2025

Description

A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to masquerade as another user on an affected system.

This vulnerability is due to inadequate authorization checks for Mobile and Remote Access (MRA) users. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to intercept calls that are destined for a particular phone number or to make phone calls and have that phone number appear on the caller ID. To successfully exploit this vulnerability, the attacker must be an MRA user on an affected system.

Solution

cisco-telepresence-expressway-upgrade-latest

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today