Kwangho Park

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified) Description: The issue is related to multiple vulnerabilities in the web management framework of Cisco IOS XE Software. These vulnerabilities could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. The vulnerability is also associated with insufficient input validation in the web interface of the Cisco IOS XE operating system, which can be exploited by a remote attacker to gain elevated privileges. Recommendations: For Cisco IOS XE Software, update to a version that includes the software updates released by Cisco to address these vulnerabilities. As a temporary workaround, consider restricting access to the web management framework to minimize the risk of exploitation. Avoid using the web interface with read-only privileges until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified) Description: The issue is related to multiple vulnerabilities in the web management framework of Cisco IOS XE Software. These vulnerabilities could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. The vulnerabilities are associated with errors in processing input data. Recommendations: For Cisco IOS XE Software, update to a version that includes the software updates released by Cisco to address these vulnerabilities. At the moment, there is no information about specific versions that contain a fix for this vulnerability, but it is recommended to apply the software updates provided by Cisco. As a temporary workaround, consider restricting access to the web management framework until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Cisco IOS XE Software (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in the web management framework of Cisco IOS XE Software. These vulnerabilities could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. The vulnerabilities are associated with errors in processing input data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.