Last Wednesday, a high-severity Cisco flaw was announced publicly alongside a patch. However, no workaround for this vulnerability has been released.
According to Cisco, this vulnerability does not affect the following software:
- Cisco IOS Software
- Cisco IOS XR Software
- Cisco NX-OS Software
In its advisory, Cisco says:
"The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link."
The advisory also states:
"The vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system."
To check the HTTP Server feature configuration on the Cisco IOS device, run the following command:
show running-config | include ip http server|secure-server
The "show version" command displays the software release running on the Cisco device.
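The two checks above can be run across saved command output when auditing many devices. The following is an added example, not code from Cisco or from the original post. It assumes the usual "Cisco IOS XE Software, Version ..." banner in the show version output and treats an absent HTTP line as disabled; the sample text is constructed.

```python
import re

# Constructed sample outputs (not taken from a real device).
SAMPLE_VERSION = """\
Cisco IOS XE Software, Version 16.09.03
cisco C9300-24T (X86) processor with 1418286K/6147K bytes of memory.
"""
SAMPLE_CONFIG = """\
no ip http server
ip http secure-server
"""

# An optional leading "no" disables the feature, so it is captured explicitly.
_HTTP_LINE = re.compile(r"^(no\s+)?ip http (server|secure-server)\s*$")
# Assumed banner format for IOS XE releases.
_XE_VERSION = re.compile(r"IOS[ -]XE Software, Version (\S+)", re.IGNORECASE)


def http_server_state(config_text):
    """Return {'server': bool, 'secure-server': bool} from config lines.

    A plain substring match would count "no ip http server" as enabled,
    which is why the negated form is parsed. Lines that are absent are
    treated as disabled (an assumption of this example).
    """
    state = {"server": False, "secure-server": False}
    for raw in config_text.splitlines():
        m = _HTTP_LINE.match(raw.strip())
        if m:
            state[m.group(2)] = m.group(1) is None
    return state


def audit(version_text, config_text):
    """Summarise whether the device runs IOS XE with the web UI enabled."""
    m = _XE_VERSION.search(version_text)
    state = http_server_state(config_text)
    web_ui = state["server"] or state["secure-server"]
    return {
        "ios_xe": m is not None,
        "release": m.group(1) if m else None,
        "http": state["server"],
        "https": state["secure-server"],
        # IOS XE with the web UI on: compare the release with the advisory.
        "needs_patch_review": m is not None and web_ui,
    }


if __name__ == "__main__":
    print(audit(SAMPLE_VERSION, SAMPLE_CONFIG))
```

The result only flags devices to compare against the fixed releases listed in the Cisco advisory; it does not decide whether a given release is vulnerable.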
Source: Cisco IOS XE Software Receives Fix Against High-Severity Flaw and Cisco Advisory