CVE-2019-16009Cross-Site Request Forgery in Cisco IOS

CWE-352Cross-Site Request Forgery4 documents4 sources
Severity
8.8HIGHNVD
EPSS
2.8%
top 13.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco IOSCisco IOS XECisco IOS 12.2 B
Timeline
PublishedSep 23
Latest updateMay 24

Description

A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDcisco/ios< 16.1.1
NVDcisco/ios_xe< 16.1.1
CVEListV5cisco/cisco_ios_12.2_bn/a

🔴Vulnerability Details

2
GHSA
GHSA-2c3m-f6hh-4v8q: A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request f2022-05-24
CVEList
Cisco IOS and Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability2020-09-23

📋Vendor Advisories

1
Cisco
Cisco IOS and Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability2020-01-08
CVE-2019-16009 — Cross-Site Request Forgery in Cisco | cvebase