A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.
Published: 2019-08-21T19:15:13.123
Last modified: 2024-11-21T04:23:12.800
Status: Modified
CVSSv3.0: 8.8 (HIGH)
CVSSv2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv2 exploitability subscore: 8.6
CVSSv2 impact subscore: 6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Operating System | cisco | ios_xe | ≤ 3.11.xe | Yes |
Hardware | cisco | 5760_wireless_lan_controller | - | No |
Hardware | cisco | catalyst_3650-12x48uq | - | No |
Hardware | cisco | catalyst_3650-12x48ur | - | No |
Hardware | cisco | catalyst_3650-12x48uz | - | No |
Hardware | cisco | catalyst_3650-24pd | - | No |
Hardware | cisco | catalyst_3650-24pdm | - | No |
Hardware | cisco | catalyst_3650-48fq | - | No |
Hardware | cisco | catalyst_3650-48fqm | - | No |
Hardware | cisco | catalyst_3650-8x24uq | - | No |
Hardware | cisco | catalyst_3850-12x48u | - | No |
Hardware | cisco | catalyst_3850-24u | - | No |
Hardware | cisco | catalyst_3850-24xs | - | No |
Hardware | cisco | catalyst_3850-24xu | - | No |
Hardware | cisco | catalyst_3850-48u | - | No |
Hardware | cisco | catalyst_3850-48xs | - | No |
Hardware | cisco | catalyst_3850-nm-2-40g | - | No |
Hardware | cisco | catalyst_3850-nm-8-10g | - | No |
Hardware | cisco | catalyst_4500e_supervisor_engine_8-e | - | No |