Cisco Expressway Series devices are vulnerable to three high and critical severity flaws that may lead to cross-site request forgery (CSRF) attacks. Tracked as CVE-2024-20252, CVE-2024-20254, & CVE-2024-20255, the vulnerabilities may sometimes allow an unauthenticated, remote attacker to perform arbitrary actions on an affected device. There is no evidence suggesting the active exploitation of any of … Continue reading “Cisco Addresses Cross-Site Request Forgery Vulnerabilities in Expressway Series (CVE-2024-20252, CVE-2024-20254, & CVE-2024-20255)”
Tag: Cross-Site Request Forgery Vulnerability
VMware vRealize Operations (vROps) Cross-Site Request Forgery Bypass Vulnerability (CVE-2023-20856)
VMware has released a patch for the cross-site request forgery vulnerability in the VMware vRealize Operations (vROps). Tracked as CVE-2023-20856, this vulnerability can be exploited by a malicious attacker to execute actions on the target platform on behalf of the authenticated victim user. VMware vRealize® Operations automates and streamlines IT administration. The tool offers … Continue reading “VMware vRealize Operations (vROps) Cross-Site Request Forgery Bypass Vulnerability (CVE-2023-20856)”
Cisco Nexus Dashboard Unauthorized Access Vulnerabilities (CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861)
Cisco has released patches for multiple vulnerabilities in Cisco Nexus Dashboard (CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861). The vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. These vulnerabilities were discovered during internal security testing by Michael J Davenport of the … Continue reading “Cisco Nexus Dashboard Unauthorized Access Vulnerabilities (CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861)”