

This newly disclosed issue, tracked as CVE-2019-1904, can be exploited by a remote attacker using a cross-site request forgery (CSRF) attack on affected systems.

Cisco IOS XE is the Linux-based version of the company's internetworking operating system (IOS), used on numerous enterprise routers and Cisco Catalyst switches. Cisco confirmed the bug doesn't affect IOS, IOS XR, or NX-OS variants.

"The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link," Cisco explains.

An attacker who successfully exploits the flaw can perform any actions they want with the same privilege level of the affected user. In an attack scenario, a CSRF exploit could be hidden inside malicious ads, lending itself to weaponization in an exploit kit. The appeal of exploiting this flaw is that it would allow an attacker to target internal networks or admins without setting off any alarms.
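To make "CSRF protections for the web UI" concrete, here is an added example (not code from the article or from Cisco) of the server-side check a management interface can apply before any state-changing request: a same-origin test plus a token bound to the admin's session. The header name `X-CSRF-Token`, the address `mgmt.example.test`, the session id and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
SERVER_KEY = secrets.token_bytes(32)       # hypothetical per-boot secret
UI_ORIGIN = "https://mgmt.example.test"    # hypothetical web UI address
SESSION = "admin-session-1"                # constructed session id


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session: HMAC-SHA256(server key, session id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(header_value, expected_origin: str) -> bool:
    """Compare scheme, host and port of an Origin or Referer value."""
    if not header_value:
        return False
    got, want = urlsplit(header_value), urlsplit(expected_origin)
    return (got.scheme, got.hostname, got.port) == (want.scheme, want.hostname, want.port)


def allow_request(method: str, headers: dict, session_id: str, expected_origin: str) -> bool:
    """Decide whether an already-authenticated request may change state."""
    if method.upper() in SAFE_METHODS:
        return True  # safe methods must never have side effects
    source = headers.get("Origin") or headers.get("Referer")
    if not same_origin(source, expected_origin):
        return False  # request was triggered from another site
    sent = headers.get("X-CSRF-Token", "")
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(sent.encode(), expected.encode())


# Constructed requests. The browser attaches the admin's session cookie to
# both, so authentication alone cannot tell them apart.
legit = {"Origin": UI_ORIGIN, "X-CSRF-Token": issue_csrf_token(SESSION)}
forged = {"Origin": "https://ads.example.net"}  # sent by a third-party page

if __name__ == "__main__":
    print("legit POST allowed: ", allow_request("POST", legit, SESSION, UI_ORIGIN))
    print("forged POST allowed:", allow_request("POST", forged, SESSION, UI_ORIGIN))
```

Rejections from `allow_request` are worth logging, since a burst of cross-origin POSTs against an admin session is otherwise invisible to the device.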

