Cisco IOS / IOS XE Web UI CSRF via HTTP GET
CVE-2024-20414 Published on September 25, 2024
A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration changes through the HTTP GET method. An attacker could exploit this vulnerability by persuading a currently authenticated administrator to follow a crafted link. A successful exploit could allow the attacker to change the configuration of the affected device.
Vulnerability Analysis
CVE-2024-20414 is exploitable with network access and requires user interaction. This vulnerability is considered to have a low attack complexity. An exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CVE-2024-20414 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2024-20414
Affected Versions
Cisco IOS:
- Version 15.2(6)E2 is affected.
- Version 15.2(7)E is affected.
- Version 15.2(6)E2a is affected.
- Version 15.2(6)E2b is affected.
- Version 15.2(7)E1 is affected.
- Version 15.2(7)E0a is affected.
- Version 15.2(7)E0b is affected.
- Version 15.2(7)E0s is affected.
- Version 15.2(6)E3 is affected.
- Version 15.2(7)E2 is affected.
- Version 15.2(7a)E0b is affected.
- Version 15.2(7)E3 is affected.
- Version 15.2(7)E1a is affected.
- Version 15.2(7b)E0b is affected.
- Version 15.2(7)E2a is affected.
- Version 15.2(7)E4 is affected.
- Version 15.2(7)E3k is affected.
- Version 15.2(8)E is affected.
- Version 15.2(8)E1 is affected.
- Version 15.2(7)E5 is affected.
- Version 15.2(7)E6 is affected.
- Version 15.2(8)E2 is affected.
- Version 15.2(7)E7 is affected.
- Version 15.2(8)E3 is affected.
- Version 15.2(7)E8 is affected.
- Version 15.2(8)E4 is affected.
- Version 15.2(7)E9 is affected.
- Version 15.2(8)E5 is affected.
- Version 15.2(7)E10 is affected.
- Version 15.2(6)EB is affected.
- Version 3.2.0SG is affected.
- Version 3.2.1SG is affected.
- Version 3.2.2SG is affected.
- Version 3.2.3SG is affected.
- Version 3.2.4SG is affected.
- Version 3.2.5SG is affected.
- Version 3.2.6SG is affected.
- Version 3.2.7SG is affected.
- Version 3.2.8SG is affected.
- Version 3.2.9SG is affected.
- Version 3.2.10SG is affected.
- Version 3.2.11SG is affected.
- Version 3.7.0S is affected.
- Version 3.7.1S is affected.
- Version 3.7.2S is affected.
- Version 3.7.3S is affected.
- Version 3.7.4S is affected.
- Version 3.7.5S is affected.
- Version 3.7.6S is affected.
- Version 3.7.7S is affected.
- Version 3.7.4aS is affected.
- Version 3.7.2tS is affected.
- Version 3.7.0bS is affected.
- Version 3.7.1aS is affected.
- Version 3.3.0SG is affected.
- Version 3.3.2SG is affected.
- Version 3.3.1SG is affected.
- Version 3.8.0S is affected.
- Version 3.8.1S is affected.
- Version 3.8.2S is affected.
- Version 3.9.1S is affected.
- Version 3.9.0S is affected.
- Version 3.9.2S is affected.
- Version 3.9.1aS is affected.
- Version 3.9.0aS is affected.
- Version 3.2.0SE is affected.
- Version 3.2.1SE is affected.
- Version 3.2.2SE is affected.
- Version 3.2.3SE is affected.
- Version 3.3.0SE is affected.
- Version 3.3.1SE is affected.
- Version 3.3.2SE is affected.
- Version 3.3.3SE is affected.
- Version 3.3.4SE is affected.
- Version 3.3.5SE is affected.
- Version 3.4.0SG is affected.
- Version 3.4.2SG is affected.
- Version 3.4.1SG is affected.
- Version 3.4.3SG is affected.
- Version 3.4.4SG is affected.
- Version 3.4.5SG is affected.
- Version 3.4.6SG is affected.
- Version 3.4.7SG is affected.
- Version 3.4.8SG is affected.
- Version 3.5.0E is affected.
- Version 3.5.1E is affected.
- Version 3.5.2E is affected.
- Version 3.5.3E is affected.
- Version 3.10.0S is affected.
- Version 3.10.1S is affected.
- Version 3.10.2S is affected.
- Version 3.10.3S is affected.
- Version 3.10.4S is affected.
- Version 3.10.5S is affected.
- Version 3.10.6S is affected.
- Version 3.10.2tS is affected.
- Version 3.10.7S is affected.
- Version 3.10.1xbS is affected.
- Version 3.10.8S is affected.
- Version 3.10.8aS is affected.
- Version 3.10.9S is affected.
- Version 3.10.10S is affected.
- Version 3.11.1S is affected.
- Version 3.11.2S is affected.
- Version 3.11.0S is affected.
- Version 3.11.3S is affected.
- Version 3.11.4S is affected.
- Version 3.12.0S is affected.
- Version 3.12.1S is affected.
- Version 3.12.2S is affected.
- Version 3.12.3S is affected.
- Version 3.12.0aS is affected.
- Version 3.12.4S is affected.
- Version 3.13.0S is affected.
- Version 3.13.1S is affected.
- Version 3.13.2S is affected.
- Version 3.13.3S is affected.
- Version 3.13.4S is affected.
- Version 3.13.5S is affected.
- Version 3.13.2aS is affected.
- Version 3.13.0aS is affected.
- Version 3.13.5aS is affected.
- Version 3.13.6S is affected.
- Version 3.13.7S is affected.
- Version 3.13.6aS is affected.
- Version 3.13.7aS is affected.
- Version 3.13.8S is affected.
- Version 3.13.9S is affected.
- Version 3.13.10S is affected.
- Version 3.6.0E is affected.
- Version 3.6.1E is affected.
- Version 3.6.2aE is affected.
- Version 3.6.2E is affected.
- Version 3.6.3E is affected.
- Version 3.6.4E is affected.
- Version 3.6.5E is affected.
- Version 3.6.6E is affected.
- Version 3.6.5aE is affected.
- Version 3.6.5bE is affected.
- Version 3.6.7E is affected.
- Version 3.6.8E is affected.
- Version 3.6.7bE is affected.
- Version 3.6.9E is affected.
- Version 3.6.10E is affected.
- Version 3.14.0S is affected.
- Version 3.14.1S is affected.
- Version 3.14.2S is affected.
- Version 3.14.3S is affected.
- Version 3.14.4S is affected.
- Version 3.15.0S is affected.
- Version 3.15.1S is affected.
- Version 3.15.2S is affected.
- Version 3.15.1cS is affected.
- Version 3.15.3S is affected.
- Version 3.15.4S is affected.
- Version 3.3.0SQ is affected.
- Version 3.3.1SQ is affected.
- Version 3.4.0SQ is affected.
- Version 3.4.1SQ is affected.
- Version 3.7.0E is affected.
- Version 3.7.1E is affected.
- Version 3.7.2E is affected.
- Version 3.7.3E is affected.
- Version 3.7.4E is affected.
- Version 3.7.5E is affected.
- Version 3.5.0SQ is affected.
- Version 3.5.1SQ is affected.
- Version 3.5.2SQ is affected.
- Version 3.5.3SQ is affected.
- Version 3.5.4SQ is affected.
- Version 3.5.5SQ is affected.
- Version 3.5.6SQ is affected.
- Version 3.5.7SQ is affected.
- Version 3.5.8SQ is affected.
- Version 3.16.0S is affected.
- Version 3.16.1S is affected.
- Version 3.16.1aS is affected.
- Version 3.16.2S is affected.
- Version 3.16.2aS is affected.
- Version 3.16.0cS is affected.
- Version 3.16.3S is affected.
- Version 3.16.2bS is affected.
- Version 3.16.3aS is affected.
- Version 3.16.4S is affected.
- Version 3.16.4aS is affected.
- Version 3.16.4bS is affected.
- Version 3.16.5S is affected.
- Version 3.16.4dS is affected.
- Version 3.16.6S is affected.
- Version 3.16.7S is affected.
- Version 3.16.6bS is affected.
- Version 3.16.7aS is affected.
- Version 3.16.7bS is affected.
- Version 3.16.8S is affected.
- Version 3.16.9S is affected.
- Version 3.16.10S is affected.
- Version 3.17.0S is affected.
- Version 3.17.1S is affected.
- Version 3.17.2S is affected.
- Version 3.17.1aS is affected.
- Version 3.17.3S is affected.
- Version 3.17.4S is affected.
- Version 16.1.1 is affected.
- Version 16.1.2 is affected.
- Version 16.1.3 is affected.
- Version 16.2.1 is affected.
- Version 16.2.2 is affected.
- Version 3.8.0E is affected.
- Version 3.8.1E is affected.
- Version 3.8.2E is affected.
- Version 3.8.3E is affected.
- Version 3.8.4E is affected.
- Version 3.8.5E is affected.
- Version 3.8.5aE is affected.
- Version 3.8.6E is affected.
- Version 3.8.7E is affected.
- Version 3.8.8E is affected.
- Version 3.8.9E is affected.
- Version 3.8.10E is affected.
- Version 3.8.10eE is affected.
- Version 16.3.1 is affected.
- Version 16.3.2 is affected.
- Version 16.3.3 is affected.
- Version 16.3.1a is affected.
- Version 16.3.4 is affected.
- Version 16.3.5 is affected.
- Version 16.3.5b is affected.
- Version 16.3.6 is affected.
- Version 16.3.7 is affected.
- Version 16.3.8 is affected.
- Version 16.3.9 is affected.
- Version 16.3.10 is affected.
- Version 16.3.11 is affected.
- Version 16.4.1 is affected.
- Version 16.4.2 is affected.
- Version 16.4.3 is affected.
- Version 16.5.1 is affected.
- Version 16.5.1a is affected.
- Version 16.5.1b is affected.
- Version 16.5.2 is affected.
- Version 16.5.3 is affected.
- Version 3.18.0aS is affected.
- Version 3.18.0S is affected.
- Version 3.18.1S is affected.
- Version 3.18.2S is affected.
- Version 3.18.3S is affected.
- Version 3.18.4S is affected.
- Version 3.18.0SP is affected.
- Version 3.18.1SP is affected.
- Version 3.18.1aSP is affected.
- Version 3.18.1bSP is affected.
- Version 3.18.1cSP is affected.
- Version 3.18.2SP is affected.
- Version 3.18.2aSP is affected.
- Version 3.18.3SP is affected.
- Version 3.18.4SP is affected.
- Version 3.18.3aSP is affected.
- Version 3.18.3bSP is affected.
- Version 3.18.5SP is affected.
- Version 3.18.6SP is affected.
- Version 3.18.7SP is affected.
- Version 3.18.8aSP is affected.
- Version 3.18.9SP is affected.
- Version 3.9.0E is affected.
- Version 3.9.1E is affected.
- Version 3.9.2E is affected.
- Version 16.6.1 is affected.
- Version 16.6.2 is affected.
- Version 16.6.3 is affected.
- Version 16.6.4 is affected.
- Version 16.6.5 is affected.
- Version 16.6.4a is affected.
- Version 16.6.5a is affected.
- Version 16.6.6 is affected.
- Version 16.6.7 is affected.
- Version 16.6.8 is affected.
- Version 16.6.9 is affected.
- Version 16.6.10 is affected.
- Version 16.7.1 is affected.
- Version 16.7.1a is affected.
- Version 16.7.1b is affected.
- Version 16.7.2 is affected.
- Version 16.7.3 is affected.
- Version 16.7.4 is affected.
- Version 16.8.1 is affected.
- Version 16.8.1a is affected.
- Version 16.8.1b is affected.
- Version 16.8.1s is affected.
- Version 16.8.1c is affected.
- Version 16.8.1d is affected.
- Version 16.8.2 is affected.
- Version 16.8.1e is affected.
- Version 16.8.3 is affected.
- Version 16.9.1 is affected.
- Version 16.9.2 is affected.
- Version 16.9.1a is affected.
- Version 16.9.1b is affected.
- Version 16.9.1s is affected.
- Version 16.9.3 is affected.
- Version 16.9.4 is affected.
- Version 16.9.3a is affected.
- Version 16.9.5 is affected.
- Version 16.9.5f is affected.
- Version 16.9.6 is affected.
- Version 16.9.7 is affected.
- Version 16.9.8 is affected.
- Version 16.10.1 is affected.
- Version 16.10.1a is affected.
- Version 16.10.1b is affected.
- Version 16.10.1s is affected.
- Version 16.10.1c is affected.
- Version 16.10.1e is affected.
- Version 16.10.1d is affected.
- Version 16.10.2 is affected.
- Version 16.10.1f is affected.
- Version 16.10.1g is affected.
- Version 16.10.3 is affected.
- Version 3.10.0E is affected.
- Version 3.10.1E is affected.
- Version 3.10.0cE is affected.
- Version 3.10.2E is affected.
- Version 3.10.3E is affected.
- Version 16.11.1 is affected.
- Version 16.11.1a is affected.
- Version 16.11.1b is affected.
- Version 16.11.2 is affected.
- Version 16.11.1s is affected.
- Version 16.12.1 is affected.
- Version 16.12.1s is affected.
- Version 16.12.1a is affected.
- Version 16.12.1c is affected.
- Version 16.12.1w is affected.
- Version 16.12.2 is affected.
- Version 16.12.1y is affected.
- Version 16.12.2a is affected.
- Version 16.12.3 is affected.
- Version 16.12.8 is affected.
- Version 16.12.2s is affected.
- Version 16.12.1x is affected.
- Version 16.12.1t is affected.
- Version 16.12.4 is affected.
- Version 16.12.3s is affected.
- Version 16.12.3a is affected.
- Version 16.12.4a is affected.
- Version 16.12.5 is affected.
- Version 16.12.6 is affected.
- Version 16.12.1z1 is affected.
- Version 16.12.5a is affected.
- Version 16.12.5b is affected.
- Version 16.12.1z2 is affected.
- Version 16.12.6a is affected.
- Version 16.12.7 is affected.
- Version 16.12.9 is affected.
- Version 16.12.10 is affected.
- Version 16.12.10a is affected.
- Version 16.12.11 is affected.
- Version 3.11.0E is affected.
- Version 3.11.1E is affected.
- Version 3.11.2E is affected.
- Version 3.11.3E is affected.
- Version 3.11.1aE is affected.
- Version 3.11.4E is affected.
- Version 3.11.3aE is affected.
- Version 3.11.5E is affected.
- Version 3.11.6E is affected.
- Version 3.11.7E is affected.
- Version 3.11.8E is affected.
- Version 3.11.9E is affected.
- Version 3.11.10E is affected.
- Version 17.1.1 is affected.
- Version 17.1.1a is affected.
- Version 17.1.1s is affected.
- Version 17.1.1t is affected.
- Version 17.1.3 is affected.
- Version 17.2.1 is affected.
- Version 17.2.1r is affected.
- Version 17.2.1a is affected.
- Version 17.2.1v is affected.
- Version 17.2.2 is affected.
- Version 17.2.3 is affected.
- Version 17.3.1 is affected.
- Version 17.3.2 is affected.
- Version 17.3.3 is affected.
- Version 17.3.1a is affected.
- Version 17.3.1w is affected.
- Version 17.3.2a is affected.
- Version 17.3.1x is affected.
- Version 17.3.1z is affected.
- Version 17.3.4 is affected.
- Version 17.3.5 is affected.
- Version 17.3.4a is affected.
- Version 17.3.6 is affected.
- Version 17.3.4b is affected.
- Version 17.3.4c is affected.
- Version 17.3.5a is affected.
- Version 17.3.5b is affected.
- Version 17.3.7 is affected.
- Version 17.3.8 is affected.
- Version 17.3.8a is affected.
- Version 17.4.1 is affected.
- Version 17.4.2 is affected.
- Version 17.4.1a is affected.
- Version 17.4.1b is affected.
- Version 17.4.2a is affected.
- Version 17.5.1 is affected.
- Version 17.5.1a is affected.
- Version 17.6.1 is affected.
- Version 17.6.2 is affected.
- Version 17.6.1w is affected.
- Version 17.6.1a is affected.
- Version 17.6.1x is affected.
- Version 17.6.3 is affected.
- Version 17.6.1y is affected.
- Version 17.6.1z is affected.
- Version 17.6.3a is affected.
- Version 17.6.4 is affected.
- Version 17.6.1z1 is affected.
- Version 17.6.5 is affected.
- Version 17.6.6 is affected.
- Version 17.6.6a is affected.
- Version 17.6.5a is affected.
- Version 17.6.7 is affected.
- Version 17.7.1 is affected.
- Version 17.7.1a is affected.
- Version 17.7.1b is affected.
- Version 17.7.2 is affected.
- Version 17.10.1 is affected.
- Version 17.10.1a is affected.
- Version 17.10.1b is affected.
- Version 17.8.1 is affected.
- Version 17.8.1a is affected.
- Version 17.9.1 is affected.
- Version 17.9.1w is affected.
- Version 17.9.2 is affected.
- Version 17.9.1a is affected.
- Version 17.9.1x is affected.
- Version 17.9.1y is affected.
- Version 17.9.3 is affected.
- Version 17.9.2a is affected.
- Version 17.9.1x1 is affected.
- Version 17.9.3a is affected.
- Version 17.9.4 is affected.
- Version 17.9.1y1 is affected.
- Version 17.9.5 is affected.
- Version 17.9.4a is affected.
- Version 17.9.5a is affected.
- Version 17.9.5b is affected.
- Version 17.11.1 is affected.
- Version 17.11.1a is affected.
- Version 17.12.1 is affected.
- Version 17.12.1w is affected.
- Version 17.12.1a is affected.
- Version 17.12.1x is affected.
- Version 17.12.2 is affected.
- Version 17.12.3 is affected.
- Version 17.12.2a is affected.
- Version 17.12.1y is affected.
- Version 17.12.3a is affected.
- Version 17.13.1 is affected.
- Version 17.13.1a is affected.
- Version 17.11.99SW is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.