Cisco IOS XE Software Web-Based Management Interface Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in the web-based management interface of Cisco IOS XE Software, allowing authenticated, low-privileged, remote attackers to conduct injection attacks on affected devices. This issue arises from inadequate input validation, enabling attackers to send crafted input that could be exploited to read files from the underlying operating system.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the operating system.

Remediation

Cisco has released software updates to address this vulnerability. Instructions for upgrading can be found on the Cisco Security Advisories page. Disabling the HTTP Server feature also eliminates the attack vector for this vulnerability.
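To check whether the HTTP Server feature is still enabled on a device, the following added example (not Cisco's code and not part of the original advisory) audits a saved running-config and lists the commands that disable the web listeners. It assumes the saved configuration shows `ip http server` and `ip http secure-server` as global lines when those listeners are enabled; the function names, hostnames and sample configurations are constructed for illustration.

```python
# Added example (not from Cisco): audit a saved IOS XE running-config for
# the HTTP Server feature. Function names and sample configs are constructed.
HTTP_CMDS = {"ip http server": "http", "ip http secure-server": "https"}

def global_commands(running_config):
    """Yield whitespace-normalised global-config lines (unindented, not '!')."""
    for raw in running_config.splitlines():
        if not raw.strip() or raw[0].isspace() or raw.startswith("!"):
            continue  # skip blanks, indented sub-mode lines and separators
        yield " ".join(raw.split())

def audit(running_config):
    """Return the hostname, enabled web listeners and commands to disable them."""
    hostname, enabled = "unknown", set()
    for line in global_commands(running_config):
        cmd = line.lower()
        if cmd.startswith("hostname "):
            hostname = line.split(" ", 1)[1]
        elif cmd in HTTP_CMDS:
            enabled.add(HTTP_CMDS[cmd])
        elif cmd.startswith("no ") and cmd[3:] in HTTP_CMDS:
            enabled.discard(HTTP_CMDS[cmd[3:]])  # explicit "no" form disables it
    fix = ["no " + c for c, name in HTTP_CMDS.items() if name in enabled]
    return {"hostname": hostname, "enabled": sorted(enabled), "fix": fix}

# Constructed sample configurations (documentation address range).
SAMPLE_EXPOSED = """\
hostname edge-rtr-01
!
ip http server
ip http secure-server
ip http authentication local
!
interface GigabitEthernet1
 ip address 192.0.2.1 255.255.255.0
"""
SAMPLE_HARDENED = """\
hostname edge-rtr-02
!
no ip http server
no ip http secure-server
"""
SAMPLE_MIXED = "hostname Edge-RTR-03\nno ip http server\nip  http secure-server\n"

if __name__ == "__main__":
    for cfg in (SAMPLE_EXPOSED, SAMPLE_HARDENED, SAMPLE_MIXED):
        print(audit(cfg))
```

A device reported with an empty `enabled` list has no web listener configured; any other result lists the global-configuration commands to apply if the web interface is not needed.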

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 8.1
impact: 2.5
exploitability: 4.9
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.