Cisco has released an updated version of its IOS XE software to patch a high-severity cross-site request forgery (CSRF) vulnerability. The vulnerability affects outdated versions of Cisco’s software and has a severity score of 8.8 out of 10. It exists in the product's web-based user interface. An attacker could exploit it by persuading a user of the interface to follow a malicious link. This is possible only on systems where the HTTP Server feature is active, which is not the default state in every version of the software.
Source: https://www.bleepingcomputer.com/news/security/cisco-ios-xe-software-receives-fix-against-high-severity-flaw/
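
Because exposure depends on whether the HTTP Server feature is active, one way to triage a fleet is to check saved running-configs for the lines that control it. The following is an added example, not code from Cisco or the source article; it assumes the IOS global commands `ip http server` and `ip http secure-server`, and the hostnames and config text are constructed.

```python
import re

# Global-config lines that switch the web UI listeners on or off.
HTTP_LINE = re.compile(r"^(no )?ip http (server|secure-server)$")

def web_ui_state(running_config):
    """Classify the HTTP and HTTPS server settings of one saved running-config.

    Each is 'enabled', 'disabled', or 'unspecified' when no explicit line is
    present, in which case the effective state is that version's default.
    """
    state = {"server": "unspecified", "secure-server": "unspecified"}
    for line in running_config.splitlines():
        m = HTTP_LINE.match(line.rstrip())
        if m:  # a later line overrides an earlier one
            state[m.group(2)] = "disabled" if m.group(1) else "enabled"
    return {"http": state["server"], "https": state["secure-server"]}

def devices_to_review(configs):
    """Return {hostname: state} for devices whose web UI is on or undetermined."""
    flagged = {}
    for host, text in configs.items():
        state = web_ui_state(text)
        if any(v != "disabled" for v in state.values()):
            flagged[host] = state
    return flagged

# Constructed sample configs (hostnames and contents are illustrative).
SAMPLE_CONFIGS = {
    "edge-rtr-01": "hostname edge-rtr-01\nip http server\nip http secure-server\n",
    "core-sw-02": "hostname core-sw-02\nno ip http server\nno ip http secure-server\n",
    "branch-rtr-03": "hostname branch-rtr-03\nno ip http server\nip http authentication local\n",
}

if __name__ == "__main__":
    for host, state in devices_to_review(SAMPLE_CONFIGS).items():
        print(host, state)
```

A device reported as `unspecified` needs its software version checked, since the default state of the feature differs between versions.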