cisco-sa-webui-csrf-ycUYxkKO: Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability
First published: Wed Sep 25 2024(Updated: )
A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device.This vulnerability is due to insufficient CSRF
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS and IOS XE Software |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of cisco-sa-webui-csrf-ycUYxkKO?
The severity of cisco-sa-webui-csrf-ycUYxkKO is rated as high due to the potential for unauthorized command execution.
How do I fix cisco-sa-webui-csrf-ycUYxkKO?
To fix cisco-sa-webui-csrf-ycUYxkKO, apply the recommended software patches provided by Cisco.
What causes cisco-sa-webui-csrf-ycUYxkKO vulnerability?
The cisco-sa-webui-csrf-ycUYxkKO vulnerability is caused by insufficient CSRF protection in the web-based management interface of Cisco IOS XE Software.
Who is affected by cisco-sa-webui-csrf-ycUYxkKO?
Any organization using the affected versions of Cisco IOS XE Software is at risk from the cisco-sa-webui-csrf-ycUYxkKO vulnerability.
Can cisco-sa-webui-csrf-ycUYxkKO be exploited remotely?
Yes, cisco-sa-webui-csrf-ycUYxkKO can be exploited remotely by an unauthenticated attacker via a cross-site request forgery attack.
- collector/cisco-recent
- source/Cisco
- agent/severity
- agent/title
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/type
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ios and ios xe software