Description
The Cisco Corporation has recently released security updates to address vulnerabilities in Cisco IOS XE. It is recommended that you take the necessary precautions by ensuring your products are always updated.
Summary
A vulnerability in the web-based UI (Web UI) of CISCO XE Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. Cisco has released software updates which addresses this vulnerability. Note there are no workarounds that can address this vulnerability.
High
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190612-iosxe-csrf
The Guyana National CIRT recommends users and administration to review these updates and to apply them where necessary.
Reference
Cisco Releases Security Updates for CISCO IOS XE (US-Cert)
https://www.us-cert.gov/ncas/current-activity/2019/06/12/Cisco-Releases-Security-Update-Cisco-IOS-XE