First published: Wed Sep 25 2024(Updated: )
A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an already authenticated user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IOS XE | =17.3.2 | |
Cisco IOS XE | =17.3.2a | |
Cisco IOS XE | =17.3.3 | |
Cisco IOS XE | =17.3.4 | |
Cisco IOS XE | =17.3.4a | |
Cisco IOS XE | =17.3.4b | |
Cisco IOS XE | =17.3.4c | |
Cisco IOS XE | =17.3.5 | |
Cisco IOS XE | =17.3.5a | |
Cisco IOS XE | =17.3.5b | |
Cisco IOS XE | =17.3.6 | |
Cisco IOS XE | =17.3.7 | |
Cisco IOS XE | =17.3.8 | |
Cisco IOS XE | =17.3.8a | |
Cisco IOS XE | =17.4.1 | |
Cisco IOS XE | =17.4.1a | |
Cisco IOS XE | =17.4.1b | |
Cisco IOS XE | =17.4.2 | |
Cisco IOS XE | =17.4.2a | |
Cisco IOS XE | =17.5.1 | |
Cisco IOS XE | =17.5.1a | |
Cisco IOS XE | =17.6.1 | |
Cisco IOS XE | =17.6.1a | |
Cisco IOS XE | =17.6.1w | |
Cisco IOS XE | =17.6.1x | |
Cisco IOS XE | =17.6.1y | |
Cisco IOS XE | =17.6.1z | |
Cisco IOS XE | =17.6.1z1 | |
Cisco IOS XE | =17.6.2 | |
Cisco IOS XE | =17.6.3 | |
Cisco IOS XE | =17.6.3a | |
Cisco IOS XE | =17.6.4 | |
Cisco IOS XE | =17.6.5 | |
Cisco IOS XE | =17.6.5a | |
Cisco IOS XE | =17.6.6 | |
Cisco IOS XE | =17.6.6a | |
Cisco IOS XE | =17.7.1 | |
Cisco IOS XE | =17.7.1a | |
Cisco IOS XE | =17.7.1b | |
Cisco IOS XE | =17.7.2 | |
Cisco IOS XE | =17.8.1 | |
Cisco IOS XE | =17.8.1a | |
Cisco IOS XE | =17.9.1 | |
Cisco IOS XE | =17.9.1a | |
Cisco IOS XE | =17.9.1w | |
Cisco IOS XE | =17.9.1x | |
Cisco IOS XE | =17.9.1x1 | |
Cisco IOS XE | =17.9.1y | |
Cisco IOS XE | =17.9.1y1 | |
Cisco IOS XE | =17.9.2 | |
Cisco IOS XE | =17.9.2a | |
Cisco IOS XE | =17.9.3 | |
Cisco IOS XE | =17.9.3a | |
Cisco IOS XE | =17.9.4 | |
Cisco IOS XE | =17.9.4a | |
Cisco IOS XE | =17.10.1 | |
Cisco IOS XE | =17.10.1a | |
Cisco IOS XE | =17.10.1b | |
Cisco IOS XE | =17.11.1 | |
Cisco IOS XE | =17.11.1a | |
Cisco IOS XE | =17.11.99sw | |
Cisco IOS XE | =17.12.1 | |
Cisco IOS XE | =17.12.1a | |
Cisco IOS XE | =17.12.1w | |
Cisco IOS XE | =17.12.1x | |
Cisco IOS XE | =17.12.1y |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.