### [CVE-2024-20437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20437)
![](https://img.shields.io/static/v1?label=Product&message=Cisco%20IOS%20XE%20Software&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=17.10.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.10.1a%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.10.1b%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.11.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.11.1a%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.11.99SW%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.12.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.12.1a%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.12.1w%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.12.1x%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.12.1y%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.3.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.3.2a%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.3.3%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.3.4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.3.4a%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.3.4b%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.3.4c%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.3.5%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.3.5a%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.3.5b%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.3.6%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.3.7%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.3.8%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.3.8a%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.4.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.4.1a%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.4.1b%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.4.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.4.2a%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.5.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.5.1a%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.6.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.6.1a%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.6.1w%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.6.1x%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.6.1y%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.6.1z%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.6.1z1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.6.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.6.3%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.6.3a%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.6.4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.6.5%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.6.5a%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.6.6%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.6.6a%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.7.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.7.1a%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.7.1b%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.7.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.8.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.8.1a%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.9.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.9.1a%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.9.1w%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.9.1x%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.9.1x1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.9.1y%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.9.1y1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.9.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.9.2a%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.9.3%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.9.3a%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.9.4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=17.9.4a%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Request%20Forgery%20(CSRF)&color=brightgreen)

### Description

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device.

 This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an already authenticated user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds