
CSCwa25099, CSCwa25100 and CSCwa25074 - Expressway Cross-Site Vulnerab

Elter
Level 4

Hello,

The Cisco Security Advisory raised yesterday relates to bugs CSCwa25099, CSCwa25100 and CSCwa25074:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3

and basically mentions: "This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system."

and also mentions that there is no workaround and that one must upgrade to a fixed release.

If the bug is specific to the web-based management, I was wondering whether disabling web access to the Expressway, either by blocking it with an internal or external firewall or by directly disabling the web management interface, would be enough to not be exposed while planning the upgrade to a fixed release.

Any thoughts?

Best regards

17 Replies