Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

critical Nessus Plugin ID 128325


The remote device is missing a vendor-supplied security patch


According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software that could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device.
The vulnerability is due to an improper check performed by the area of code that manages the REST API authentication service. An attacker could exploit this vulnerability by submitting malicious HTTP requests to the targeted device. A successful exploit could allow the attacker to obtain the token-id of an authenticated user. This token-id could then be used to bypass authentication and execute privileged actions through the interface of the REST API virtual service container on the affected Cisco IOS XE device. The REST API interface is not enabled by default and must be installed and activated separately on IOS XE devices. See the Details section for more information.


Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvn93524 and CSCvo47376.

Plugin Details

Severity: Critical

ID: 128325

File Name: cisco-sa-20190828-iosxe-rest-auth-bypass.nasl

Version: 1.10

Type: local

Family: CISCO

Published: 8/29/2019

Updated: 1/8/2021

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2.0

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2019-12643

CVSS v3.0

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version, Host/Cisco/IOS-XE/Model

Exploit Ease: No known exploits are available

Patch Publication Date: 8/28/2019

Vulnerability Publication Date: 8/28/2019

Reference Information

CVE: CVE-2019-12643

CISCO-BUG-ID: CSCvn93524, CSCvo47376

CISCO-SA: cisco-sa-20190828-iosxe-rest-auth-bypass

IAVA: 2019-A-0316

CWE: 287