Cisco IOS XE software update

Last Wednesday, a high-severity Cisco flaw was publicly announced alongside a patch. However, no workaround for this vulnerability has been released.

According to Cisco, this vulnerability does not affect the following software:

  1. Cisco IOS Software
  2. Cisco IOS XR Software
  3. Cisco NX-OS Software

In its advisory, Cisco states:

The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link.

The advisory also says:

The vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.

To see whether the HTTP Server feature is configured on the Cisco device, run the following command:

show running-config | include ip http server|secure-server

The “show version” command displays the software release running on the Cisco device.
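An added example (not from the original post or from Cisco) that post-processes saved output of the filter command above. The include filter also matches negated lines such as "no ip http server", so the script separates enabled from disabled; the hostnames and sample output are constructed.

```python
import re

# Constructed sample: filtered "show running-config" output saved from
# three hypothetical devices (hostnames are made up for illustration).
SAMPLE_OUTPUTS = {
    "edge-rtr-01": "ip http server\nip http secure-server\n",
    "core-sw-02": "no ip http server\nno ip http secure-server\n",
    "branch-rtr-03": "no ip http server\nip http secure-server\n",
}

# Match only the two enable/disable lines; an optional leading "no" negates.
# Other "ip http ..." settings (authentication, ports, ...) are ignored.
_LINE = re.compile(r"^\s*(no\s+)?ip http (server|secure-server)\s*$")


def web_ui_state(config_text):
    """Return the state of the HTTP and HTTPS servers.

    True = enabled, False = explicitly disabled,
    None = no matching line in the captured output (check the device).
    """
    state = {"server": None, "secure-server": None}
    for line in config_text.splitlines():
        m = _LINE.match(line)
        if m:
            state[m.group(2)] = m.group(1) is None
    return state


def web_ui_enabled(config_text):
    """The web UI is served if either the HTTP or the HTTPS server is on."""
    return any(v is True for v in web_ui_state(config_text).values())


def audit(outputs):
    """Return the sorted hostnames whose captured output shows the web UI on."""
    return sorted(h for h, text in outputs.items() if web_ui_enabled(text))


if __name__ == "__main__":
    for host in audit(SAMPLE_OUTPUTS):
        print(f"{host}: web UI enabled, prioritise the fixed release")
```
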

Source: Cisco IOS XE Software Receives Fix Against High-Severity Flaw and Cisco Advisory

Author: Wan Ariff

He brings working experience in the information security field, specializing in penetration testing and digital forensics. His passion leans toward IT security.
