4 matches found
CVE-2019-1904
A vulnerability in the web-based UI web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacke...
Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability
According to its self-reported version, Cisco IOS XE Software is affected by a cross-site request forgery CSRF, which exists in the web UI of the affected device. A remote attacker can exploit this to perform arbitrary actions with the privilege level of the affected user. Please see the included...
CVE-2019-1904
CVE-2019-1904 involves Cisco IOS XE Software’s web-based UI CSRF vulnerability. The issue stems from insufficient CSRF protections in the web UI when the HTTP Server feature is enabled, allowing an unauthenticated, remote attacker to coerce a logged-in user into performing arbitrary actions. If t...
High-Severity Cisco Flaw in IOS XE Enables Device Takeover
Cisco has patched a high-severity vulnerability in its software for routers and switches, which could enable a remote attacker to reconfigure or execute commands on impacted devices. IOS XE, a Linux-based version of Cisco’s Internetworking Operating System IOS, is software for Cisco routers and...