This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS XE Software and have the HTTP Server feature enabled. For a complete list of the advisories and links to them, see Cisco Event Response: March 2021 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. This advisory is part of the March 2021 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. ![]() This advisory is available at the following link: There are no workarounds that address this vulnerability. ![]() A successful exploit could allow the attacker to corrupt memory on the affected device, forcing it to reload and causing a DoS condition.Ĭisco has released software updates that address this vulnerability. An attacker could exploit this vulnerability by persuading an authenticated user of the web UI to follow a crafted link. ![]() This vulnerability is due to insufficient HTTP protections in the web UI on an affected device. A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service (DoS) condition on an affected device.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |