SB2019090207 - Authentication bypass in Cisco REST API Container for IOS XE

Security Bulletin ID SB2019090207

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Authentication (CVE-ID: CVE-2019-12643)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an improper check performed by the area of code that manages the REST API authentication service. A remote attacker can submit malicious HTTP requests to the targeted device, obtain the token-id of an authenticated user, bypass authentication and execute privileged actions through the interface of the REST API virtual service container.

This vulnerability affects the following devices that are configured to use a vulnerable version of Cisco REST API virtual service container:

Cisco 4000 Series Integrated Services Routers
Cisco ASR 1000 Series Aggregation Services Routers
Cisco Cloud Services Router 1000V Series
Cisco Integrated Services Virtual Router

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass