• CVE-2019-12643: Critical Authentication Bypass Vulnerability in REST API Container for Cisco IOS XE
News broke of a critical bug affecting Cisco’s popular IOS XE operating system that powers millions of enterprise network devices around the world. The flaw, tracked as CVE-2019-12643, affects Cisco’s REST application programming interface (API) virtual container for ISO XE and exists because the software doesn’t properly check the code that manages the API’s authentication service.
Background
On August 28, Cisco released 10 advisories to address vulnerabilities across multiple products, including Cisco NX-OS and FXOS, Nexus 9000 Series Fabric Switches and Unified Computing System (UCS) Fabric. The most severe vulnerability, which Cisco rates as critical, exists in the REST API Container for Cisco IOS XE.
Scott Caveza, the research engineering manager at Tenable said, “The critical authentication bypass flaw in Cisco IOS XE could be exploited by an unauthenticated, remote attacker sending specially crafted HTTP requests to a vulnerable device, resulting in the exposure of an authenticated users’ token-id. While the flaw is critical, it’s important to note there are a number of requirements for successful exploitation, including the device has both installed and enabled an affected version of the Cisco REST API virtual service container. In addition, a user must be logged into the device in order to obtain the token-id. Cisco has released iosxe-remote-mgmt.16.03.03.ova, a fixed version of the virtual service container, as well as implemented additional safeguards in updated IOS XE versions.”
• Satnam Narang, Sr. Security Response Manager at Tenable has explained the vulnerability in detail. To read more, please click here.
