SB2017092802 - Authentication bypass in Web UI REST API in Cisco IOS XE
Published: September 28, 2017
Security Bulletin ID
SB2017092802
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Authentication bypass (CVE-ID: CVE-2017-12229)
The vulnerability allows a remote attacker to bypass authentication and gain access to vulnerable device.
The vulnerability exist due to improper implementation of authentication in REST API of web-based user-interface. A remote attacker can send a specially crafted HTTP request to the affected device, bypass implemented authentication mechanisms and gain full access to the vulnerable system.
Successful exploitation of the vulnerability may result in unrestricted access to the vulnerable device.
Remediation
Install update from vendor's website.