Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

critical Nessus Plugin ID 128325

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software that could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device.
The vulnerability is due to an improper check performed by the area of code that manages the REST API authentication service. An attacker could exploit this vulnerability by submitting malicious HTTP requests to the targeted device. A successful exploit could allow the attacker to obtain the token-id of an authenticated user. This token-id could then be used to bypass authentication and execute privileged actions through the interface of the REST API virtual service container on the affected Cisco IOS XE device. The REST API interface is not enabled by default and must be installed and activated separately on IOS XE devices. See the Details section for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvn93524 and CSCvo47376.

See Also

http://www.nessus.org/u?dc00ad5e

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn93524

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo47376

Plugin Details

Severity: Critical

ID: 128325

File Name: cisco-sa-20190828-iosxe-rest-auth-bypass.nasl

Version: 1.10

Type: local

Family: CISCO

Published: 8/29/2019

Updated: 1/8/2021

Dependencies: cisco_ios_xe_version.nasl

Risk Information

CVSS Score Source: CVE-2019-12643

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version, Host/Cisco/IOS-XE/Model

Exploit Ease: No known exploits are available

Patch Publication Date: 8/28/2019

Vulnerability Publication Date: 8/28/2019

Reference Information

CVE: CVE-2019-12643

CISCO-BUG-ID: CSCvn93524, CSCvo47376

CISCO-SA: cisco-sa-20190828-iosxe-rest-auth-bypass

IAVA: 2019-A-0316

CWE: 287