This CVE chained together several vulnerabilities to accomplish a restricted shell escape and perform a privilege escalation in Cisco Expressway. I share details on how the exploit came together, several pitfalls, and considerations for different deployments.

The full writeup can be found on the State Farm Engineering blog:

https://engineering.statefarm.com/cve-2024-20492-a-privilege-escalation-in-cisco-expressway-9501ffc74746