{ "id": "CVE-2024-20492", "sourceIdentifier": "psirt@cisco.com", "published": "2024-10-02T17:15:17.763", "lastModified": "2024-10-08T16:07:26.280", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level credentials with read-write privileges on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a series of crafted CLI commands. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of the affected device.\r\nNote: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices." }, { "lang": "es", "value": "Una vulnerabilidad en el shell restringido de Cisco Expressway Series podr\u00eda permitir que un atacante local autenticado realice ataques de inyecci\u00f3n de comandos en el sistema operativo subyacente y eleve los privilegios a superusuario. Para explotar esta vulnerabilidad, el atacante debe tener credenciales de nivel de administrador con privilegios de lectura y escritura en un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una serie de comandos CLI manipulados. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante escapar del shell restringido y obtener privilegios de superusuario en el sistema operativo subyacente del dispositivo afectado. \nNota: Cisco Expressway Series hace referencia a los dispositivos Cisco Expressway Control (Expressway-C) y Cisco Expressway Edge (Expressway-E)." } ],
"metrics": { "cvssMetricV31": [ { "source": "psirt@cisco.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "baseScore": 6.0, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE" }, "exploitabilityScore": 0.8, "impactScore": 5.2 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 0.8, "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "psirt@cisco.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-77" } ] }, { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-77" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "73A2A365-59AA-48B9-9ABF-914C2B80C7A4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "98BDD88B-DF43-4F7C-A6C0-1EECE9C85355" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "BE860BF8-AC42-4C10-BC65-9DBF8050E682" }, { "vulnerable":
true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "C03A7AEA-8411-4693-84A9-7ADC7F08D87C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "0D98AE26-55C9-4BA7-B82C-5B328E689418" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "D50E9F77-0575-43E0-AF83-9A932F4D4F73" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:*:*:*:expressway:*:*:*", "matchCriteriaId": "9F91E793-E37D-4823-B078-DA96AB422967" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "3F16B185-879A-4BA8-B4EB-B032FC8B9674" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "5D58C2C4-F0CB-440A-885A-173DC9B5D32F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:expressway:*:*:*", "matchCriteriaId": "95FC0285-58F4-4C17-9DB0-0A495A7FE9BE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6:*:*:*:expressway:*:*:*", "matchCriteriaId": "E9BB8E50-74EF-4726-A069-C90B09201593" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "8AEF5B51-8609-40D8-A01B-6696B012FCB0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:expressway:*:*:*", "matchCriteriaId": "C0DCF6AA-84C1-4B1A-80B0-6942707D9CAF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "1590C980-506C-4689-AA91-6C647CC3AF28" }, 
{ "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "4E9D0839-13E1-4C95-AFEF-3071A977AB5F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:expressway:*:*:*", "matchCriteriaId": "6E714552-FDEF-4971-959F-3615E34E6F5D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:expressway:*:*:*", "matchCriteriaId": "20A5441C-7798-4EAD-9428-6DA4EF354807" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "1BE2198F-DF53-497E-9945-062ADD3787F2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "0D7C383F-30E2-4F22-B35D-B73671D1BBCC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.3:*:*:*:expressway:*:*:*", "matchCriteriaId": "B478B2B7-269C-4813-A004-225D90715A08" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:expressway:*:*:*", "matchCriteriaId": "CBEB2506-7F1B-4227-B5BD-47B28778D7AE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "A000BA48-4ABC-46D4-89EB-CEA8D754B708" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "66CBF53D-4174-463A-B902-E50FF63E39B0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.0:*:*:*:expressway:*:*:*", "matchCriteriaId": "BFFD53C6-D23A-4CEC-AD1C-7D6A8B920566" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.1:*:*:*:expressway:*:*:*", "matchCriteriaId": 
"F642A732-BA7E-493F-BE62-273997AF3328" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "76688320-EE54-4662-BE15-F721EA55D5D9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.3:*:*:*:expressway:*:*:*", "matchCriteriaId": "7C3B3879-FCDF-4D12-9B81-24EC70FF6CF8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:*:*:*:expressway:*:*:*", "matchCriteriaId": "F0B562E3-5E36-4899-A57A-90E653737B09" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.0:*:*:*:expressway:*:*:*", "matchCriteriaId": "EA6FF488-FBED-40E6-92CC-39B8749171C0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "F84981B5-0E55-40D6-92F9-57C03A24A44A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "A9A37F14-5F65-4C99-A0E2-EACABEDF2286" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.3:*:*:*:expressway:*:*:*", "matchCriteriaId": "6F7DC504-15CA-4D44-90E5-5684F474A7A4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:expressway:*:*:*", "matchCriteriaId": "36BD629F-0183-41C2-9547-08EAE359BD00" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.0:*:*:*:expressway:*:*:*", "matchCriteriaId": "26301BB9-38C0-473F-9FAF-E5DF70E29A36" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "29C38DD2-E763-4B59-83C7-050D08D91637" }, { "vulnerable": true, "criteria": 
"cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "684A39DB-7850-4932-922D-9E7A62FC608A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.3:*:*:*:expressway:*:*:*", "matchCriteriaId": "81B09C18-F930-4B67-8309-7FA0889039C7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.4:*:*:*:expressway:*:*:*", "matchCriteriaId": "E172DA2A-37B4-4387-AE92-0F0D4F60F736" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.5:*:*:*:expressway:*:*:*", "matchCriteriaId": "D09EB9B0-5212-4E32-95E9-93BEC53B4AA1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.6:*:*:*:expressway:*:*:*", "matchCriteriaId": "2221FF76-F13A-4E8D-88EB-2757AB6DCDCE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.7:*:*:*:expressway:*:*:*", "matchCriteriaId": "FBEE5E76-A827-4031-B1C1-4961C277C5F8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.8:*:*:*:expressway:*:*:*", "matchCriteriaId": "156F7D5E-DC54-4687-B80F-3281C779135F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.9:*:*:*:expressway:*:*:*", "matchCriteriaId": "8BDFCFC1-8230-4051-9B5D-73349C288E46" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.0:*:*:*:expressway:*:*:*", "matchCriteriaId": "98E3BF27-037E-474F-B55A-12750943499D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "9F2CF11F-735B-458F-9F2F-8E2322FC39DE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "22089B78-2048-4192-826B-76AA3FAE7E22" 
}, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.3:*:*:*:expressway:*:*:*", "matchCriteriaId": "C826FD6A-948C-4B09-8061-E800BD6E1963" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.4:*:*:*:expressway:*:*:*", "matchCriteriaId": "2CE43D3E-BC2F-4CBC-8213-13028B88B1B0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.0:*:*:*:expressway:*:*:*", "matchCriteriaId": "60DF84F3-B71E-4860-A6B7-61AB5D201702" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "06852E84-8BEC-403D-BB70-07A4F51054E8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.0:*:*:*:expressway:*:*:*", "matchCriteriaId": "EDDF2FE3-585A-4A3D-9E14-A8AE02301223" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "6C6A62AC-7214-4FB0-A2C9-82BDEE6D7C7D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "7090851D-B154-435B-8F25-06E365334D68" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.3:*:*:*:expressway:*:*:*", "matchCriteriaId": "D1A6AB08-E97C-4865-B225-0EA77AA73366" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.4:*:*:*:expressway:*:*:*", "matchCriteriaId": "0EE6F371-C8E2-4B4E-855E-882395C02801" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.5:*:*:*:expressway:*:*:*", "matchCriteriaId": "711A5AE8-087C-4471-BA1B-C3B70EED1427" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.6:*:*:*:expressway:*:*:*", "matchCriteriaId": 
"4B0339D9-9CA8-4376-A60B-94429B993E80" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.7:*:*:*:expressway:*:*:*", "matchCriteriaId": "3AA3FAD1-7F25-4D57-AA14-822CDE7FE0FA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.8:*:*:*:expressway:*:*:*", "matchCriteriaId": "9F656226-EAB4-4B9D-965B-872FA62BDA26" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.9:*:*:*:expressway:*:*:*", "matchCriteriaId": "1543EF6E-9B45-4FD4-B435-6579FE7F2C54" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.10:*:*:*:expressway:*:*:*", "matchCriteriaId": "1AA8FED6-4E07-4C0D-8DF7-605C230B7D21" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.11:*:*:*:expressway:*:*:*", "matchCriteriaId": "0343AAE7-94DF-43E4-AF29-9EC1B320A58E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.0:*:*:*:expressway:*:*:*", "matchCriteriaId": "CA0CFF47-8107-40BC-9E29-69E829A7FCE1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "89E4FDB4-B74A-4622-A47F-2EDCB6D57F57" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "CC1B741E-9D6F-428F-B403-2FB0DF52DCE9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.5:*:*:*:expressway:*:*:*", "matchCriteriaId": "16FDBC96-2C3A-4615-8AE7-90DEB68E2952" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.6:*:*:*:expressway:*:*:*", "matchCriteriaId": "05AB5287-62D0-4510-B4AF-9AC0A757CE3D" }, { "vulnerable": true, "criteria": 
"cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.7:*:*:*:expressway:*:*:*", "matchCriteriaId": "0DAE5BA7-833B-4FB1-8F04-80FC02BD444F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.0:*:*:*:expressway:*:*:*", "matchCriteriaId": "10582312-5717-4A91-AE3E-9A907C8A338B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "8FEE44F0-FBC5-470F-BB66-C1C672032B34" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "8B1EDE63-DE13-47AC-BC19-6F5EB4D00BFB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.3:*:*:*:expressway:*:*:*", "matchCriteriaId": "B2B49119-47FF-4751-A9EC-D34ABAD3A9E0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.4:*:*:*:expressway:*:*:*", "matchCriteriaId": "193C4B32-EE7D-42CE-B851-00CDDBA07D40" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.5:*:*:*:expressway:*:*:*", "matchCriteriaId": "9137356B-264C-4D1F-B37A-DB5FE96B1A1E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.6:*:*:*:expressway:*:*:*", "matchCriteriaId": "4B8FD463-4EC1-4BD3-AB01-2915D061C57A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x15.0.0:*:*:*:expressway:*:*:*", "matchCriteriaId": "7DB74EB7-1B43-4F61-818C-CACC4661F9DB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x15.0.1:*:*:*:expressway:*:*:*", "matchCriteriaId": "9B8E94B6-6B64-4060-B264-623B7CAA456E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x15.0.2:*:*:*:expressway:*:*:*", "matchCriteriaId": "A5BF2248-19FB-4F1B-AB1D-1892445AB15B" 
}, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x15.0.3:*:*:*:expressway:*:*:*", "matchCriteriaId": "0477933F-C946-4ED9-B89A-C0D9E40FCE06" } ] } ] } ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expw-escalation-3bkz77bD", "source": "psirt@cisco.com", "tags": [ "Vendor Advisory" ] } ] }