CVE-2024-20492

Published Oct 2, 2024
Last updated a month ago
CVSS medium 6.7
Overview

Description: A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level credentials with read-write privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a series of crafted CLI commands. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of the affected device. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.
Source: ykramarz@cisco.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM
Weaknesses

nvd@nist.gov: CWE-77
ykramarz@cisco.com: CWE-77
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73A2A365-59AA-48B9-9ABF-914C2B80C7A4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98BDD88B-DF43-4F7C-A6C0-1EECE9C85355"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.2:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE860BF8-AC42-4C10-BC65-9DBF8050E682"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C03A7AEA-8411-4693-84A9-7ADC7F08D87C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.1:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D98AE26-55C9-4BA7-B82C-5B328E689418"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D50E9F77-0575-43E0-AF83-9A932F4D4F73"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F91E793-E37D-4823-B078-DA96AB422967"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F16B185-879A-4BA8-B4EB-B032FC8B9674"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.2:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D58C2C4-F0CB-440A-885A-173DC9B5D32F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95FC0285-58F4-4C17-9DB0-0A495A7FE9BE"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9BB8E50-74EF-4726-A069-C90B09201593"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AEF5B51-8609-40D8-A01B-6696B012FCB0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0DCF6AA-84C1-4B1A-80B0-6942707D9CAF"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1590C980-506C-4689-AA91-6C647CC3AF28"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E9D0839-13E1-4C95-AFEF-3071A977AB5F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E714552-FDEF-4971-959F-3615E34E6F5D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20A5441C-7798-4EAD-9428-6DA4EF354807"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.1:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BE2198F-DF53-497E-9945-062ADD3787F2"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.2:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D7C383F-30E2-4F22-B35D-B73671D1BBCC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.3:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B478B2B7-269C-4813-A004-225D90715A08"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBEB2506-7F1B-4227-B5BD-47B28778D7AE"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.1:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A000BA48-4ABC-46D4-89EB-CEA8D754B708"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66CBF53D-4174-463A-B902-E50FF63E39B0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.0:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFFD53C6-D23A-4CEC-AD1C-7D6A8B920566"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.1:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F642A732-BA7E-493F-BE62-273997AF3328"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.2:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76688320-EE54-4662-BE15-F721EA55D5D9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.3:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C3B3879-FCDF-4D12-9B81-24EC70FF6CF8"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0B562E3-5E36-4899-A57A-90E653737B09"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.0:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA6FF488-FBED-40E6-92CC-39B8749171C0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.1:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F84981B5-0E55-40D6-92F9-57C03A24A44A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.2:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9A37F14-5F65-4C99-A0E2-EACABEDF2286"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.3:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F7DC504-15CA-4D44-90E5-5684F474A7A4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36BD629F-0183-41C2-9547-08EAE359BD00"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.0:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26301BB9-38C0-473F-9FAF-E5DF70E29A36"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.1:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29C38DD2-E763-4B59-83C7-050D08D91637"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.2:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "684A39DB-7850-4932-922D-9E7A62FC608A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.3:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81B09C18-F930-4B67-8309-7FA0889039C7"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.4:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E172DA2A-37B4-4387-AE92-0F0D4F60F736"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.5:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D09EB9B0-5212-4E32-95E9-93BEC53B4AA1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.6:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2221FF76-F13A-4E8D-88EB-2757AB6DCDCE"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.7:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBEE5E76-A827-4031-B1C1-4961C277C5F8"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.8:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "156F7D5E-DC54-4687-B80F-3281C779135F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.9:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BDFCFC1-8230-4051-9B5D-73349C288E46"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.0:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98E3BF27-037E-474F-B55A-12750943499D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.1:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F2CF11F-735B-458F-9F2F-8E2322FC39DE"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.2:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22089B78-2048-4192-826B-76AA3FAE7E22"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.3:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C826FD6A-948C-4B09-8061-E800BD6E1963"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.4:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CE43D3E-BC2F-4CBC-8213-13028B88B1B0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.0:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60DF84F3-B71E-4860-A6B7-61AB5D201702"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.1:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06852E84-8BEC-403D-BB70-07A4F51054E8"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.0:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDDF2FE3-585A-4A3D-9E14-A8AE02301223"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.1:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C6A62AC-7214-4FB0-A2C9-82BDEE6D7C7D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.2:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7090851D-B154-435B-8F25-06E365334D68"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.3:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1A6AB08-E97C-4865-B225-0EA77AA73366"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.4:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EE6F371-C8E2-4B4E-855E-882395C02801"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.5:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "711A5AE8-087C-4471-BA1B-C3B70EED1427"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.6:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B0339D9-9CA8-4376-A60B-94429B993E80"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.7:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3AA3FAD1-7F25-4D57-AA14-822CDE7FE0FA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.8:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F656226-EAB4-4B9D-965B-872FA62BDA26"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.9:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1543EF6E-9B45-4FD4-B435-6579FE7F2C54"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.10:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AA8FED6-4E07-4C0D-8DF7-605C230B7D21"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.0.11:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0343AAE7-94DF-43E4-AF29-9EC1B320A58E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.0:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA0CFF47-8107-40BC-9E29-69E829A7FCE1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.1:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89E4FDB4-B74A-4622-A47F-2EDCB6D57F57"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.2:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC1B741E-9D6F-428F-B403-2FB0DF52DCE9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.5:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16FDBC96-2C3A-4615-8AE7-90DEB68E2952"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.6:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05AB5287-62D0-4510-B4AF-9AC0A757CE3D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.2.7:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DAE5BA7-833B-4FB1-8F04-80FC02BD444F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.0:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10582312-5717-4A91-AE3E-9A907C8A338B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.1:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FEE44F0-FBC5-470F-BB66-C1C672032B34"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.2:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B1EDE63-DE13-47AC-BC19-6F5EB4D00BFB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.3:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2B49119-47FF-4751-A9EC-D34ABAD3A9E0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.4:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "193C4B32-EE7D-42CE-B851-00CDDBA07D40"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.5:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9137356B-264C-4D1F-B37A-DB5FE96B1A1E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x14.3.6:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B8FD463-4EC1-4BD3-AB01-2915D061C57A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x15.0.0:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DB74EB7-1B43-4F61-818C-CACC4661F9DB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x15.0.1:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B8E94B6-6B64-4060-B264-623B7CAA456E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x15.0.2:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5BF2248-19FB-4F1B-AB1D-1892445AB15B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x15.0.3:*:*:*:expressway:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0477933F-C946-4ED9-B89A-C0D9E40FCE06"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
