SB2019082608 - CSRF in Cisco IOS XE Wireless Device Manager GUI
Published: August 26, 2019
Description
This security bulletin contains information about 1 security vulnerability.
1) Cross-site request forgery (CVE-ID: CVE-2019-12624)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin in the web-based management interface. A remote attacker can trick the victim into visiting a specially crafted web page and following a crafted link.
This vulnerability affects the following Cisco products that are running any of the 3.xE releases of Cisco IOS XE Software:
- 5760 Wireless LAN Controllers
- Catalyst 3650 Series Switches
- Catalyst 3850 Series Switches
- Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.