PT-2020-1386 · Cisco · Cisco IOS XE+1

Mehmet Önder Key · Published 2020-01-08 · Updated 2020-09-28 · CVE-2019-16009

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Cisco IOS and Cisco IOS XE Software (affected versions not specified)
Description: The issue is caused by insufficient CSRF protections for the web UI on affected devices, allowing an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. An attacker could exploit this by persuading a user of the interface to follow a malicious link, potentially allowing the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the vulnerable web UI to minimize the risk of exploitation, and avoid using the web UI (consider disabling it) until a patch is available.
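The workaround above, shown as an added Cisco IOS / IOS XE configuration example that is not part of the advisory; the management subnet 10.0.0.0/24 and ACL number 10 are assumed values, and only one of the two options should be applied:

```cisco
! Added example (not from the advisory). Two ways to apply the workaround; pick one.
!
! Option A: disable the web UI entirely until a fixed release is available.
configure terminal
 no ip http server
 no ip http secure-server
end
!
! Option B: keep the web UI, but make it reachable only from a management subnet.
! 10.0.0.0/24 is an assumed management network; ACL number 10 is an arbitrary choice.
configure terminal
 access-list 10 remark WEBUI-MGMT: hosts allowed to reach the web UI
 access-list 10 permit 10.0.0.0 0.0.0.255
 access-list 10 deny any log
 ip http access-class 10
end
!
! Verify the HTTP/HTTPS server state and the applied access class.
show ip http server status
show running-config | include ip http
```

Note that Option B only narrows exposure: a CSRF request is issued by the browser of an allowed user, so it still succeeds from inside the permitted subnet, which is why disabling the web UI (Option A) is the stronger interim measure.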

CSRF


Weakness Enumeration

Related Identifiers

BDU:2020-00336
CVE-2019-16009

Affected Products

Cisco IOS
Cisco IOS XE