Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

critical Nessus Plugin ID 128325

Synopsis

The remote device is missing a vendor-supplied security patch

Description

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device.
The vulnerability is due to an improper check performed by the area of code that manages the REST API authentication service. An attacker could exploit this vulnerability by submitting malicious HTTP requests to the targeted device. A successful exploit could allow the attacker to obtain the token-id of an authenticated user. This token-id could be used to bypass authentication and execute privileged actions through the interface of the REST API virtual service container on the affected Cisco IOS XE device. The REST API interface is not enabled by default and must be installed and activated separately on IOS XE devices. See the Details section for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvn93524, CSCvo47376

See Also

http://www.nessus.org/u?dc00ad5e

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn93524

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo47376

Plugin Details

Severity: Critical

ID: 128325

File Name: cisco-sa-20190828-iosxe-rest-auth-bypass.nasl

Version: 1.12

Type: combined

Family: CISCO

Published: 8/29/2019

Updated: 5/3/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-12643

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version, Host/Cisco/IOS-XE/Model

Exploit Ease: No known exploits are available

Patch Publication Date: 8/28/2019

Vulnerability Publication Date: 8/28/2019

Reference Information

CVE: CVE-2019-12643

CWE: 287

CISCO-SA: cisco-sa-20190828-iosxe-rest-auth-bypass

IAVA: 2019-A-0316-S

CISCO-BUG-ID: CSCvn93524, CSCvo47376