CVE-2019-12624

CVE Database · CVE-2019-12624

CVE-2019-12624

· N/AModified

CVSS v3.1

N/A

EPSS

18.71%

Published

Aug 21, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

Exploit-DBCisco Wireless Controller 3.6.10E - Cross-Site Request Forgery

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.

Weaknesses (CWE)

CWE-352CWE-352

Affected Products (19)

cisco · ios_xevulnerable

cisco · 5760_wireless_lan_controller

cisco · catalyst_3650-12x48uq

cisco · catalyst_3650-12x48ur

cisco · catalyst_3650-12x48uz

cisco · catalyst_3650-24pd

cisco · catalyst_3650-24pdm

cisco · catalyst_3650-48fq

cisco · catalyst_3650-48fqm

cisco · catalyst_3650-8x24uq

cisco · catalyst_3850-12x48u

cisco · catalyst_3850-24u

cisco · catalyst_3850-24xs

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-iosxe-ngwc-csrf

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-iosxe-ngwc-csrf

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs