A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote malicious user to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the malicious user to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco nx-os 8.4\\(2a\\) |
||
cisco nx-os 8.4\\(3\\) |
||
cisco nx-os 8.4\\(3\\)s19 |
||
cisco nx-os 9.3\\(3\\)idi9\\(0.569\\) |
||
cisco nx-os 7.3\\(8\\)n1\\(0.809\\) |
Vulmon