{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T17:37:49.654","vulnerabilities":[{"cve":{"id":"CVE-2024-20497","sourceIdentifier":"psirt@cisco.com","published":"2024-09-04T17:15:13.970","lastModified":"2025-08-12T23:51:41.220","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to masquerade as another user on an affected system.\r\n\r\nThis vulnerability is due to inadequate authorization checks for Mobile and Remote Access (MRA) users. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to intercept calls that are destined for a particular phone number or to make phone calls and have that phone number appear on the caller ID. To successfully exploit this vulnerability, the attacker must be an MRA user on an affected system."},{"lang":"es","value":"Una vulnerabilidad en Cisco Expressway Edge (Expressway-E) podría permitir que un atacante remoto autenticado se haga pasar por otro usuario en un sistema afectado. Esta vulnerabilidad se debe a comprobaciones de autorización inadecuadas para los usuarios de acceso remoto y móvil (MRA). Un atacante podría aprovechar esta vulnerabilidad ejecutando una serie de comandos manipulados específicamente para ello. Una explotación exitosa podría permitir al atacante interceptar llamadas destinadas a un número de teléfono en particular o hacer llamadas telefónicas y que ese número de teléfono aparezca en el identificador de llamadas. Para aprovechar esta vulnerabilidad con éxito, el atacante debe ser un usuario de MRA en un sistema afectado."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway-e:*:*:*:*:*:*:*:*","versionEndExcluding":"15.2","matchCriteriaId":"0BE42697-EF64-49D2-AD83-0614C1A9A42E"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-auth-kdFrcZ2j","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}}]}