Cisco IOS XE Software Web-Based Management Interface CSRF Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in the web-based management interface of Cisco IOS XE Software. This vulnerability allows an unauthenticated, remote attacker to execute commands on the command-line interface (CLI) of an affected device. The issue arises from inadequate CSRF protections, enabling an attacker to manipulate an already authenticated user into following a crafted link. If successful, the attacker could clear the syslog, parser, and licensing logs on the device, provided the targeted user has the necessary privileges to do so.

Impact

Exploitation of this vulnerability could lead to unauthorized command execution on the CLI of the affected device, with the potential to clear various system logs, depending on the privileges of the user being exploited.

Remediation

Cisco has released software updates to address this vulnerability. Instructions for upgrading can be found on the Cisco Security Advisories page. As a temporary measure, the HTTP Server feature can be disabled, which eliminates the attack vector for this vulnerability. To do so, use the 'no ip http server' or 'no ip http secure-server' command in global configuration mode.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 8.1
impact: 5.0
exploitability: 6.0
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.