CVE-2024-20437


A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an already authenticated user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.


Published: 2024-09-25T17:15:16.630

Last Modified: 2024-10-24T19:45:01.540

Status: Analyzed

Source: [email protected]

Severity: CVSSv3.1: 8.1 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-352
  • Type: Primary
    CWE-352

Affected Vendors & Products
Type              Vendor  Product  Version/Range  Vulnerable?
Operating System  cisco   ios_xe   17.3.2         Yes
Operating System  cisco   ios_xe   17.3.2a        Yes
Operating System  cisco   ios_xe   17.3.3         Yes
Operating System  cisco   ios_xe   17.3.4         Yes
Operating System  cisco   ios_xe   17.3.4a        Yes
Operating System  cisco   ios_xe   17.3.4b        Yes
Operating System  cisco   ios_xe   17.3.4c        Yes
Operating System  cisco   ios_xe   17.3.5         Yes
Operating System  cisco   ios_xe   17.3.5a        Yes
Operating System  cisco   ios_xe   17.3.5b        Yes
Operating System  cisco   ios_xe   17.3.6         Yes
Operating System  cisco   ios_xe   17.3.7         Yes
Operating System  cisco   ios_xe   17.3.8         Yes
Operating System  cisco   ios_xe   17.3.8a        Yes
Operating System  cisco   ios_xe   17.4.1         Yes
Operating System  cisco   ios_xe   17.4.1a        Yes
Operating System  cisco   ios_xe   17.4.1b        Yes
Operating System  cisco   ios_xe   17.4.2         Yes
Operating System  cisco   ios_xe   17.4.2a        Yes
Operating System  cisco   ios_xe   17.5.1         Yes
Operating System  cisco   ios_xe   17.5.1a        Yes
Operating System  cisco   ios_xe   17.6.1         Yes
Operating System  cisco   ios_xe   17.6.1a        Yes
Operating System  cisco   ios_xe   17.6.1w        Yes
Operating System  cisco   ios_xe   17.6.1x        Yes
Operating System  cisco   ios_xe   17.6.1y        Yes
Operating System  cisco   ios_xe   17.6.1z        Yes
Operating System  cisco   ios_xe   17.6.1z1       Yes
Operating System  cisco   ios_xe   17.6.2         Yes
Operating System  cisco   ios_xe   17.6.3         Yes
Operating System  cisco   ios_xe   17.6.3a        Yes
Operating System  cisco   ios_xe   17.6.4         Yes
Operating System  cisco   ios_xe   17.6.5         Yes
Operating System  cisco   ios_xe   17.6.5a        Yes
Operating System  cisco   ios_xe   17.6.6         Yes
Operating System  cisco   ios_xe   17.6.6a        Yes
Operating System  cisco   ios_xe   17.7.1         Yes
Operating System  cisco   ios_xe   17.7.1a        Yes
Operating System  cisco   ios_xe   17.7.1b        Yes
Operating System  cisco   ios_xe   17.7.2         Yes
Operating System  cisco   ios_xe   17.8.1         Yes
Operating System  cisco   ios_xe   17.8.1a        Yes
Operating System  cisco   ios_xe   17.9.1         Yes
Operating System  cisco   ios_xe   17.9.1a        Yes
Operating System  cisco   ios_xe   17.9.1w        Yes
Operating System  cisco   ios_xe   17.9.1x        Yes
Operating System  cisco   ios_xe   17.9.1x1       Yes
Operating System  cisco   ios_xe   17.9.1y        Yes
Operating System  cisco   ios_xe   17.9.1y1       Yes
Operating System  cisco   ios_xe   17.9.2         Yes
Operating System  cisco   ios_xe   17.9.2a        Yes
Operating System  cisco   ios_xe   17.9.3         Yes
Operating System  cisco   ios_xe   17.9.3a        Yes
Operating System  cisco   ios_xe   17.9.4         Yes
Operating System  cisco   ios_xe   17.9.4a        Yes
Operating System  cisco   ios_xe   17.10.1        Yes
Operating System  cisco   ios_xe   17.10.1a       Yes
Operating System  cisco   ios_xe   17.10.1b       Yes
Operating System  cisco   ios_xe   17.11.1        Yes
Operating System  cisco   ios_xe   17.11.1a       Yes
Operating System  cisco   ios_xe   17.11.99sw     Yes
Operating System  cisco   ios_xe   17.12.1        Yes
Operating System  cisco   ios_xe   17.12.1a       Yes
Operating System  cisco   ios_xe   17.12.1w       Yes
Operating System  cisco   ios_xe   17.12.1x       Yes
Operating System  cisco   ios_xe   17.12.1y       Yes