CVE-2019-12624
published 2019-08-21


Priority: P2 69 high
CVSS 3.0: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Exploit: yes
EPSS: 18.71% (96.9th percentile)
A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.

Affected

3 ranges

Vendor   Product                                      Version range       Fixed in
cisco    cisco_ios_xe_software
cisco    ios_xe                                       3.0.xe – 3.11.xe
cisco    ios_xe_ngwc_legacy_wireless_device_manager

Detection & IOCs (extracted from sources)

version: Cisco Wireless Controller 3.6.10E
command: Add Admin CSRF Payload via HTTP POST to Cisco Wireless Controller management interface
  • Monitor for unauthenticated HTTP POST requests to the Cisco IOS XE NGWC web-based management interface that lack valid CSRF tokens, which may indicate exploitation attempts.
  • Track Cisco bug ID CSCvq64435 for patch status; devices running affected NGWC firmware versions without this fix applied should be flagged for priority patching.
  • Alert on admin account creation actions originating from the web management interface without a corresponding authenticated session, as the exploit payload targets adding admin users via CSRF.
  • There are no workarounds available for this vulnerability; the only mitigation is applying the vendor-released software update.
  • The vulnerability affects the Cisco IOS XE New Generation Wireless Controller (NGWC) web-based management interface; exposure should be minimized by restricting management interface access to trusted networks.
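The first and third detection bullets describe a monitoring rule in words. The block below is an added example, not code from the cbcvebase record or from Cisco, that implements that rule over a few constructed request-log lines: a state-changing POST to the management interface that arrives with a browser session cookie but without an anti-CSRF token, or whose Origin/Referer is missing or points to another site, is flagged, since a forged cross-site request carries the victim's ambient session but cannot carry the token. The hostname, path prefix, token header name and the simplified log format are assumptions; the real NGWC interface has its own paths and token mechanism, so adapt those constants before use.

```python
"""Added example (not from the cbcvebase record or from Cisco): flag HTTP POSTs
to a wireless-controller management interface that carry a session cookie but
no anti-CSRF token, or whose Origin/Referer is missing or cross-site.
Hostname, path prefix, token header and log format are assumptions."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

MGMT_HOST = "wlc.example.internal"      # assumed management interface hostname
MGMT_PATH_PREFIX = "/wireless/admin/"   # assumed prefix of state-changing admin actions
CSRF_HEADER = "X-CSRF-Token"            # assumed token header; the real product's differs


@dataclass
class Request:
    method: str
    host: str
    path: str
    headers: dict


# Simplified request-log format constructed for this example:
#   METHOD host path | Header: value; Header: value
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+)(?: \| (.*))?$")


def parse_line(line):
    """Parse one log line into a Request, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    method, host, path, hdrs = m.groups()
    headers = {}
    if hdrs:
        # Header values in the sample contain no ';', so a plain split is enough here.
        for part in hdrs.split(";"):
            if ":" in part:
                key, value = part.split(":", 1)
                headers[key.strip().lower()] = value.strip()
    return Request(method.upper(), host.lower(), path, headers)


def same_site(origin_or_referer, host):
    """True when the Origin/Referer header names the management host itself."""
    if not origin_or_referer:
        return False
    return urlsplit(origin_or_referer).hostname == host


def classify(req):
    """Return the reasons this request looks like CSRF abuse; [] means clean."""
    reasons = []
    if req.method != "POST" or req.host != MGMT_HOST or not req.path.startswith(MGMT_PATH_PREFIX):
        return reasons
    if "cookie" not in req.headers:
        return reasons  # no ambient browser credential: not the CSRF pattern this rule targets
    if CSRF_HEADER.lower() not in req.headers:
        reasons.append("state-changing POST with session cookie but no anti-CSRF token")
    src = req.headers.get("origin") or req.headers.get("referer")
    if not same_site(src, req.host):
        reasons.append(f"Origin/Referer missing or cross-site: {src!r}")
    return reasons


def scan(lines):
    """Return [(line, reasons)] for every request that trips the rule."""
    findings = []
    for line in lines:
        req = parse_line(line)
        if req is None:
            continue
        reasons = classify(req)
        if reasons:
            findings.append((line, reasons))
    return findings


# Constructed sample log: one legitimate admin action, one forged cross-site
# request, a harmless GET, a token-less POST with no origin, a cookie-less API
# call, and a same-site POST that merely forgot the token.
SAMPLE_LOG = [
    "POST wlc.example.internal /wireless/admin/users | Cookie: session=abc; X-CSRF-Token: t0k3n; Origin: https://wlc.example.internal",
    "POST wlc.example.internal /wireless/admin/users | Cookie: session=abc; Referer: https://other-site.example/page.html",
    "GET wlc.example.internal /wireless/admin/users | Cookie: session=abc",
    "POST wlc.example.internal /wireless/admin/users | Cookie: session=abc",
    "POST wlc.example.internal /wireless/admin/users | X-CSRF-Token: t0k3n",
    "POST wlc.example.internal /wireless/admin/users | Cookie: session=abc; Origin: https://wlc.example.internal",
]

if __name__ == "__main__":
    for line, reasons in scan(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
```

The same-site check is a second, independent signal on purpose: a browser cannot suppress Origin on a cross-site POST, so a request that is missing the token and also shows a foreign Origin/Referer is a stronger finding than a missing token alone, which can also come from an internal script that never sent one.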

CVSS provenance

nvd           v3.0  8.8  HIGH    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd           v2.0  6.8  MEDIUM  AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_cisco        8.8  HIGH