cve-2024-20437
Vulnerability from cvelistv5
Published: 2024-09-25 16:27
Modified: 2024-09-25 19:28
Summary
A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device.
This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an already authenticated user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.
Impacted products
Vendor | Product | Version |
---|---|---|
Cisco | Cisco IOS XE Software | 17.3.2, 17.3.3, 17.3.2a, 17.3.4, 17.3.5, 17.3.4a, 17.3.6, 17.3.4b, 17.3.4c, 17.3.5a, 17.3.5b, 17.3.7, 17.3.8, 17.3.8a, 17.4.1, 17.4.2, 17.4.1a, 17.4.1b, 17.4.2a, 17.5.1, 17.5.1a, 17.6.1, 17.6.2, 17.6.1w, 17.6.1a, 17.6.1x, 17.6.3, 17.6.1y, 17.6.1z, 17.6.3a, 17.6.4, 17.6.1z1, 17.6.5, 17.6.6, 17.6.6a, 17.6.5a, 17.7.1, 17.7.1a, 17.7.1b, 17.7.2, 17.10.1, 17.10.1a, 17.10.1b, 17.8.1, 17.8.1a, 17.9.1, 17.9.1w, 17.9.2, 17.9.1a, 17.9.1x, 17.9.1y, 17.9.3, 17.9.2a, 17.9.1x1, 17.9.3a, 17.9.4, 17.9.1y1, 17.9.4a, 17.11.1, 17.11.1a, 17.12.1, 17.12.1w, 17.12.1a, 17.12.1x, 17.12.1y, 17.11.99SW |
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.