CVE-2024-20437

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Sep 25, 2024
Updated: Sep 26, 2024
CWE ID 352

Summary

CVE-2024-20437 is a vulnerability in the web-based management interface of Cisco IOS XE Software, allowing unauthenticated remote attackers to exploit cross-site request forgery (CSRF) issues. This weakness arises from inadequate CSRF protections, permitting attackers to execute commands on affected devices by tricking authenticated users into following malicious links. The severity of this vulnerability is rated as high, with a CVSS base score of 8.1 and potential high impacts on device integrity and availability. To mitigate this risk, organizations are advised to apply available patches and implement stronger CSRF protections in their web interface configurations. Affected products include various models of Cisco IOS XE Software systems, underscoring the need for immediate attention from users of these devices.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share