Main Vulnerability Database Vulnerabilities #VU11341

#VU11341 Improper authorization in Cisco IOS XE - CVE-2018-0195

Published: March 29, 2018 / Updated: March 29, 2018

Vulnerability identifier: #VU11341

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-0195

CWE-ID: CWE-285

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco IOS XE

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote authenticated attacker to bypass authorization and obtain elevated privileges on the target system.

The weakness exists in the REST API due to insufficient authorization checks for requests that are sent to the REST API. A remote attacker can send a specially crafted request via the REST API, bypass authorization and gain root privileges.

Remediation

Update to versions 16.4.1, 16.4(0.54), 16.3.1, 16.3(0.225) or 16.2(1.31).

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-rest

#VU11341 Improper authorization in Cisco IOS XE - CVE-2018-0195

Description

Remediation

External links

Please verify you're human