A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI.
This vulnerability is due to incorrectly accepting configuration changes through the HTTP GET method. An attacker could exploit this vulnerability by persuading a currently authenticated administrator to follow a crafted link. A successful exploit could allow the attacker to change the configuration of the affected device.
History
Wed, 25 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Wed, 25 Sep 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration changes through the HTTP GET method. An attacker could exploit this vulnerability by persuading a currently authenticated administrator to follow a crafted link. A successful exploit could allow the attacker to change the configuration of the affected device. | |
Weaknesses | CWE-285 | |
References | | |
Metrics | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2024-09-25T16:29:36.509Z
Updated: 2024-09-25T18:00:35.918Z
Reserved: 2023-11-08T15:08:07.663Z
Link: CVE-2024-20414
Vulnrichment
Updated: 2024-09-25T18:00:31.953Z
NVD
Status: Awaiting Analysis
Published: 2024-09-25T17:15:15.413
Modified: 2024-09-26T13:32:02.803
Link: CVE-2024-20414
Redhat
No data.