CVE-2024-20414

Severity: Medium · CVSS 3.1: 6.5 · EPSS: 19.8%
Published: Sep 25, 2024
Last Modified: Jun 17, 2026

Description

A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration changes through the HTTP GET method. An attacker could exploit this vulnerability by persuading a currently authenticated administrator to follow a crafted link. A successful exploit could allow the attacker to change the configuration of the affected device.

CVSS Details

Base Score: 6.5
Exploitability: 2.8
Impact: 3.6
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

Threat Intelligence

EPSS Exploit Probability: 19.8% percentile
Exploit & Patch Status: No Known Exploit; No Patch Available

Weaknesses 2

CWE-285
CWE-352 Cross-Site Request Forgery (CSRF) Authentication

Affected Products 461

Vendor Product Version Range
cisco ios_xe 3.2.0se any
cisco ios_xe 3.2.0sg any
cisco ios_xe 3.2.1se any
cisco ios_xe 3.2.1sg any
cisco ios_xe 3.2.2se any
cisco ios_xe 3.2.2sg any
cisco ios_xe 3.2.3se any
cisco ios_xe 3.2.3sg any
cisco ios_xe 3.2.4sg any
cisco ios_xe 3.2.5sg any
cisco ios_xe 3.2.6sg any
cisco ios_xe 3.2.7sg any
cisco ios_xe 3.2.8sg any
cisco ios_xe 3.2.9sg any
cisco ios_xe 3.2.10sg any
cisco ios_xe 3.2.11sg any
cisco ios_xe 3.3.0se any
cisco ios_xe 3.3.0sg any
cisco ios_xe 3.3.0sq any
cisco ios_xe 3.3.1se any
cisco ios_xe 3.3.1sg any
cisco ios_xe 3.3.1sq any
cisco ios_xe 3.3.2se any
cisco ios_xe 3.3.2sg any
cisco ios_xe 3.3.3se any
cisco ios_xe 3.3.4se any
cisco ios_xe 3.3.5se any
cisco ios_xe 3.4.0sg any
cisco ios_xe 3.4.0sq any
cisco ios_xe 3.4.1sg any
cisco ios_xe 3.4.1sq any
cisco ios_xe 3.4.2sg any
cisco ios_xe 3.4.3sg any
cisco ios_xe 3.4.4sg any
cisco ios_xe 3.4.5sg any
cisco ios_xe 3.4.6sg any
cisco ios_xe 3.4.7sg any
cisco ios_xe 3.4.8sg any
cisco ios_xe 3.5.0e any
cisco ios_xe 3.5.0sq any
cisco ios_xe 3.5.1e any
cisco ios_xe 3.5.1sq any
cisco ios_xe 3.5.2e any
cisco ios_xe 3.5.2sq any
cisco ios_xe 3.5.3e any
cisco ios_xe 3.5.3sq any
cisco ios_xe 3.5.4sq any
cisco ios_xe 3.5.5sq any
cisco ios_xe 3.5.6sq any
cisco ios_xe 3.5.7sq any
cisco ios_xe 3.5.8sq any
cisco ios_xe 3.6.0e any
cisco ios_xe 3.6.1e any
cisco ios_xe 3.6.2ae any
cisco ios_xe 3.6.2e any
cisco ios_xe 3.6.3e any
cisco ios_xe 3.6.4e any
cisco ios_xe 3.6.5ae any
cisco ios_xe 3.6.5be any
cisco ios_xe 3.6.5e any
cisco ios_xe 3.6.6e any
cisco ios_xe 3.6.7be any
cisco ios_xe 3.6.7e any
cisco ios_xe 3.6.8e any
cisco ios_xe 3.6.9e any
cisco ios_xe 3.6.10e any
cisco ios_xe 3.7.0bs any
cisco ios_xe 3.7.0e any
cisco ios_xe 3.7.0s any
cisco ios_xe 3.7.1as any
cisco ios_xe 3.7.1e any
cisco ios_xe 3.7.1s any
cisco ios_xe 3.7.2e any
cisco ios_xe 3.7.2s any
cisco ios_xe 3.7.2ts any
cisco ios_xe 3.7.3e any
cisco ios_xe 3.7.3s any
cisco ios_xe 3.7.4as any
cisco ios_xe 3.7.4e any
cisco ios_xe 3.7.4s any
cisco ios_xe 3.7.5e any
cisco ios_xe 3.7.5s any
cisco ios_xe 3.7.6s any
cisco ios_xe 3.7.7s any
cisco ios_xe 3.8.0e any
cisco ios_xe 3.8.0s any
cisco ios_xe 3.8.1e any
cisco ios_xe 3.8.1s any
cisco ios_xe 3.8.2e any
cisco ios_xe 3.8.2s any
cisco ios_xe 3.8.3e any
cisco ios_xe 3.8.4e any
cisco ios_xe 3.8.5ae any
cisco ios_xe 3.8.5e any
cisco ios_xe 3.8.6e any
cisco ios_xe 3.8.7e any
cisco ios_xe 3.8.8e any
cisco ios_xe 3.8.9e any
cisco ios_xe 3.8.10e any
cisco ios_xe 3.8.10ee any
cisco ios_xe 3.9.0as any
cisco ios_xe 3.9.0e any
cisco ios_xe 3.9.0s any
cisco ios_xe 3.9.1as any
cisco ios_xe 3.9.1e any
cisco ios_xe 3.9.1s any
cisco ios_xe 3.9.2e any
cisco ios_xe 3.9.2s any
cisco ios_xe 3.10.0ce any
cisco ios_xe 3.10.0e any
cisco ios_xe 3.10.0s any
cisco ios_xe 3.10.1e any
cisco ios_xe 3.10.1s any
cisco ios_xe 3.10.1xbs any
cisco ios_xe 3.10.2e any
cisco ios_xe 3.10.2s any
cisco ios_xe 3.10.2ts any
cisco ios_xe 3.10.3e any
cisco ios_xe 3.10.3s any
cisco ios_xe 3.10.4s any
cisco ios_xe 3.10.5s any
cisco ios_xe 3.10.6s any
cisco ios_xe 3.10.7s any
cisco ios_xe 3.10.8as any
cisco ios_xe 3.10.8s any
cisco ios_xe 3.10.9s any
cisco ios_xe 3.10.10s any
cisco ios_xe 3.11.0e any
cisco ios_xe 3.11.0s any
cisco ios_xe 3.11.1ae any
cisco ios_xe 3.11.1e any
cisco ios_xe 3.11.1s any
cisco ios_xe 3.11.2e any
cisco ios_xe 3.11.2s any
cisco ios_xe 3.11.3ae any
cisco ios_xe 3.11.3e any
cisco ios_xe 3.11.3s any
cisco ios_xe 3.11.4e any
cisco ios_xe 3.11.4s any
cisco ios_xe 3.11.5e any
cisco ios_xe 3.11.6e any
cisco ios_xe 3.11.7e any
cisco ios_xe 3.11.8e any
cisco ios_xe 3.11.9e any
cisco ios_xe 3.11.10e any
cisco ios_xe 3.12.0as any
cisco ios_xe 3.12.0s any
cisco ios_xe 3.12.1s any
cisco ios_xe 3.12.2s any
cisco ios_xe 3.12.3s any
cisco ios_xe 3.12.4s any
cisco ios_xe 3.13.0as any
cisco ios_xe 3.13.0s any
cisco ios_xe 3.13.1s any
cisco ios_xe 3.13.2as any
cisco ios_xe 3.13.2s any
cisco ios_xe 3.13.3s any
cisco ios_xe 3.13.4s any
cisco ios_xe 3.13.5as any
cisco ios_xe 3.13.5s any
cisco ios_xe 3.13.6as any
cisco ios_xe 3.13.6s any
cisco ios_xe 3.13.7as any
cisco ios_xe 3.13.7s any
cisco ios_xe 3.13.8s any
cisco ios_xe 3.13.9s any
cisco ios_xe 3.13.10s any
cisco ios_xe 3.14.0s any
cisco ios_xe 3.14.1s any
cisco ios_xe 3.14.2s any
cisco ios_xe 3.14.3s any
cisco ios_xe 3.14.4s any
cisco ios_xe 3.15.0s any
cisco ios_xe 3.15.1cs any
cisco ios_xe 3.15.1s any
cisco ios_xe 3.15.2s any
cisco ios_xe 3.15.3s any
cisco ios_xe 3.15.4s any
cisco ios_xe 3.16.0cs any
cisco ios_xe 3.16.0s any
cisco ios_xe 3.16.1as any
cisco ios_xe 3.16.1s any
cisco ios_xe 3.16.2as any
cisco ios_xe 3.16.2bs any
cisco ios_xe 3.16.2s any
cisco ios_xe 3.16.3as any
cisco ios_xe 3.16.3s any
cisco ios_xe 3.16.4as any
cisco ios_xe 3.16.4bs any
cisco ios_xe 3.16.4ds any
cisco ios_xe 3.16.4s any
cisco ios_xe 3.16.5s any
cisco ios_xe 3.16.6bs any
cisco ios_xe 3.16.6s any
cisco ios_xe 3.16.7as any
cisco ios_xe 3.16.7bs any
cisco ios_xe 3.16.7s any
cisco ios_xe 3.16.8s any
cisco ios_xe 3.16.9s any
cisco ios_xe 3.16.10s any
cisco ios_xe 3.17.0s any
cisco ios_xe 3.17.1as any
cisco ios_xe 3.17.1s any
cisco ios_xe 3.17.2s any
cisco ios_xe 3.17.3s any
cisco ios_xe 3.17.4s any
cisco ios_xe 3.18.0as any
cisco ios_xe 3.18.0s any
cisco ios_xe 3.18.0sp any
cisco ios_xe 3.18.1asp any
cisco ios_xe 3.18.1bsp any
cisco ios_xe 3.18.1csp any
cisco ios_xe 3.18.1s any
cisco ios_xe 3.18.1sp any
cisco ios_xe 3.18.2asp any
cisco ios_xe 3.18.2s any
cisco ios_xe 3.18.2sp any
cisco ios_xe 3.18.3asp any
cisco ios_xe 3.18.3bsp any
cisco ios_xe 3.18.3s any
cisco ios_xe 3.18.3sp any
cisco ios_xe 3.18.4s any
cisco ios_xe 3.18.4sp any
cisco ios_xe 3.18.5sp any
cisco ios_xe 3.18.6sp any
cisco ios_xe 3.18.7sp any
cisco ios_xe 3.18.8asp any
cisco ios_xe 3.18.9sp any
cisco ios_xe 16.1.1 any
cisco ios_xe 16.1.2 any
cisco ios_xe 16.1.3 any
cisco ios_xe 16.2.1 any
cisco ios_xe 16.2.2 any
cisco ios_xe 16.3.1 any
cisco ios_xe 16.3.1a any
cisco ios_xe 16.3.2 any
cisco ios_xe 16.3.3 any
cisco ios_xe 16.3.4 any
cisco ios_xe 16.3.5 any
cisco ios_xe 16.3.5b any
cisco ios_xe 16.3.6 any
cisco ios_xe 16.3.7 any
cisco ios_xe 16.3.8 any
cisco ios_xe 16.3.9 any
cisco ios_xe 16.3.10 any
cisco ios_xe 16.3.11 any
cisco ios_xe 16.4.1 any
cisco ios_xe 16.4.2 any
cisco ios_xe 16.4.3 any
cisco ios_xe 16.5.1 any
cisco ios_xe 16.5.1a any
cisco ios_xe 16.5.1b any
cisco ios_xe 16.5.2 any
cisco ios_xe 16.5.3 any
cisco ios_xe 16.6.1 any
cisco ios_xe 16.6.2 any
cisco ios_xe 16.6.3 any
cisco ios_xe 16.6.4 any
cisco ios_xe 16.6.4a any
cisco ios_xe 16.6.5 any
cisco ios_xe 16.6.5a any
cisco ios_xe 16.6.6 any
cisco ios_xe 16.6.7 any
cisco ios_xe 16.6.8 any
cisco ios_xe 16.6.9 any
cisco ios_xe 16.6.10 any
cisco ios_xe 16.7.1 any
cisco ios_xe 16.7.1a any
cisco ios_xe 16.7.1b any
cisco ios_xe 16.7.2 any
cisco ios_xe 16.7.3 any
cisco ios_xe 16.7.4 any
cisco ios_xe 16.8.1 any
cisco ios_xe 16.8.1a any
cisco ios_xe 16.8.1b any
cisco ios_xe 16.8.1c any
cisco ios_xe 16.8.1d any
cisco ios_xe 16.8.1e any
cisco ios_xe 16.8.1s any
cisco ios_xe 16.8.2 any
cisco ios_xe 16.8.3 any
cisco ios_xe 16.9.1 any
cisco ios_xe 16.9.1a any
cisco ios_xe 16.9.1b any
cisco ios_xe 16.9.1s any
cisco ios_xe 16.9.2 any
cisco ios_xe 16.9.3 any
cisco ios_xe 16.9.3a any
cisco ios_xe 16.9.4 any
cisco ios_xe 16.9.5 any
cisco ios_xe 16.9.5f any
cisco ios_xe 16.9.6 any
cisco ios_xe 16.9.7 any
cisco ios_xe 16.9.8 any
cisco ios_xe 16.10.1 any
cisco ios_xe 16.10.1a any
cisco ios_xe 16.10.1b any
cisco ios_xe 16.10.1c any
cisco ios_xe 16.10.1d any
cisco ios_xe 16.10.1e any
cisco ios_xe 16.10.1f any
cisco ios_xe 16.10.1g any
cisco ios_xe 16.10.1s any
cisco ios_xe 16.10.2 any
cisco ios_xe 16.10.3 any
cisco ios_xe 16.11.1 any
cisco ios_xe 16.11.1a any
cisco ios_xe 16.11.1b any
cisco ios_xe 16.11.1s any
cisco ios_xe 16.11.2 any
cisco ios_xe 16.12.1 any
cisco ios_xe 16.12.1a any
cisco ios_xe 16.12.1c any
cisco ios_xe 16.12.1s any
cisco ios_xe 16.12.1t any
cisco ios_xe 16.12.1w any
cisco ios_xe 16.12.1x any
cisco ios_xe 16.12.1y any
cisco ios_xe 16.12.1z1 any
cisco ios_xe 16.12.1z2 any
cisco ios_xe 16.12.2 any
cisco ios_xe 16.12.2a any
cisco ios_xe 16.12.2s any
cisco ios_xe 16.12.3 any
cisco ios_xe 16.12.3a any
cisco ios_xe 16.12.3s any
cisco ios_xe 16.12.4 any
cisco ios_xe 16.12.4a any
cisco ios_xe 16.12.5 any
cisco ios_xe 16.12.5a any
cisco ios_xe 16.12.5b any
cisco ios_xe 16.12.6 any
cisco ios_xe 16.12.6a any
cisco ios_xe 16.12.7 any
cisco ios_xe 16.12.8 any
cisco ios_xe 16.12.9 any
cisco ios_xe 16.12.10 any
cisco ios_xe 16.12.10a any
cisco ios_xe 16.12.11 any
cisco ios_xe 17.1.1 any
cisco ios_xe 17.1.1a any
cisco ios_xe 17.1.1s any
cisco ios_xe 17.1.1t any
cisco ios_xe 17.1.3 any
cisco ios_xe 17.2.1 any
cisco ios_xe 17.2.1a any
cisco ios_xe 17.2.1r any
cisco ios_xe 17.2.1v any
cisco ios_xe 17.2.2 any
cisco ios_xe 17.2.3 any
cisco ios_xe 17.3.1 any
cisco ios_xe 17.3.1a any
cisco ios_xe 17.3.1w any
cisco ios_xe 17.3.1x any
cisco ios_xe 17.3.1z any
cisco ios_xe 17.3.2 any
cisco ios_xe 17.3.2a any
cisco ios_xe 17.3.3 any
cisco ios_xe 17.3.4 any
cisco ios_xe 17.3.4a any
cisco ios_xe 17.3.4b any
cisco ios_xe 17.3.4c any
cisco ios_xe 17.3.5 any
cisco ios_xe 17.3.5a any
cisco ios_xe 17.3.5b any
cisco ios_xe 17.3.6 any
cisco ios_xe 17.3.7 any
cisco ios_xe 17.3.8 any
cisco ios_xe 17.3.8a any
cisco ios_xe 17.4.1 any
cisco ios_xe 17.4.1a any
cisco ios_xe 17.4.1b any
cisco ios_xe 17.4.2 any
cisco ios_xe 17.4.2a any
cisco ios_xe 17.5.1 any
cisco ios_xe 17.5.1a any
cisco ios_xe 17.6.1 any
cisco ios_xe 17.6.1a any
cisco ios_xe 17.6.1w any
cisco ios_xe 17.6.1x any
cisco ios_xe 17.6.1y any
cisco ios_xe 17.6.1z any
cisco ios_xe 17.6.1z1 any
cisco ios_xe 17.6.2 any
cisco ios_xe 17.6.3 any
cisco ios_xe 17.6.3a any
cisco ios_xe 17.6.4 any
cisco ios_xe 17.6.5 any
cisco ios_xe 17.6.5a any
cisco ios_xe 17.6.6 any
cisco ios_xe 17.6.6a any
cisco ios_xe 17.6.7 any
cisco ios_xe 17.7.1 any
cisco ios_xe 17.7.1a any
cisco ios_xe 17.7.1b any
cisco ios_xe 17.7.2 any
cisco ios_xe 17.8.1 any
cisco ios_xe 17.8.1a any
cisco ios_xe 17.9.1 any
cisco ios_xe 17.9.1a any
cisco ios_xe 17.9.1w any
cisco ios_xe 17.9.1x any
cisco ios_xe 17.9.1x1 any
cisco ios_xe 17.9.1y any
cisco ios_xe 17.9.1y1 any
cisco ios_xe 17.9.2 any
cisco ios_xe 17.9.2a any
cisco ios_xe 17.9.3 any
cisco ios_xe 17.9.3a any
cisco ios_xe 17.9.4 any
cisco ios_xe 17.9.4a any
cisco ios_xe 17.9.5 any
cisco ios_xe 17.9.5a any
cisco ios_xe 17.9.5b any
cisco ios_xe 17.10.1 any
cisco ios_xe 17.10.1a any
cisco ios_xe 17.10.1b any
cisco ios_xe 17.11.1 any
cisco ios_xe 17.11.1a any
cisco ios_xe 17.11.99sw any
cisco ios_xe 17.12.1 any
cisco ios_xe 17.12.1a any
cisco ios_xe 17.12.1w any
cisco ios_xe 17.12.1x any
cisco ios_xe 17.12.1y any
cisco ios_xe 17.12.2 any
cisco ios_xe 17.12.2a any
cisco ios_xe 17.12.3 any
cisco ios_xe 17.12.3a any
cisco ios_xe 17.13.1 any
cisco ios_xe 17.13.1a any
cisco ios 15.2(6)e2 any
cisco ios 15.2(6)e2a any
cisco ios 15.2(6)e2b any
cisco ios 15.2(6)e3 any
cisco ios 15.2(6)eb any
cisco ios 15.2(7)e any
cisco ios 15.2(7)e0a any
cisco ios 15.2(7)e0b any
cisco ios 15.2(7)e0s any
cisco ios 15.2(7)e1 any
cisco ios 15.2(7)e1a any
cisco ios 15.2(7)e2 any
cisco ios 15.2(7)e2a any
cisco ios 15.2(7)e3 any
cisco ios 15.2(7)e3k any
cisco ios 15.2(7)e4 any
cisco ios 15.2(7)e5 any
cisco ios 15.2(7)e6 any
cisco ios 15.2(7)e7 any
cisco ios 15.2(7)e8 any
cisco ios 15.2(7)e9 any
cisco ios 15.2(7)e10 any
cisco ios 15.2(7a)e0b any
cisco ios 15.2(7b)e0b any
cisco ios 15.2(8)e any
cisco ios 15.2(8)e1 any
cisco ios 15.2(8)e2 any
cisco ios 15.2(8)e3 any
cisco ios 15.2(8)e4 any
cisco ios 15.2(8)e5 any

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-webui-HfwnRgk
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.