Cisco patches a critical vulnerability in the web-based UI (web UI) of Cisco IOS XE Software that could cause allow an unauthenticated, remote attacker to perform a CSRF attack on the vulnerable system. The vulnerability is due to a lack of validation in the web UI, which allows an attacker to exploit this vulnerability by convincing the current user to follow the malicious link.
Read full article on GBHackers