Rapid7 Vulnerability & Exploit Database

Cisco XE: CVE-2018-0195: Cisco IOS XE Software REST API Authorization Bypass Vulnerability

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Cisco XE: CVE-2018-0195: Cisco IOS XE Software REST API Authorization Bypass Vulnerability

Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
03/28/2018
Created
08/02/2019
Added
07/30/2019
Modified
01/05/2024

Description

A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insufficient authorization checks for requests that are sent to the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious request to an affected device via the REST API. A successful exploit could allow the attacker to selectively bypass authorization checks for the REST API of the affected software and use the API to perform privileged actions on an affected device. Cisco Bug IDs: CSCuz56428.

Solution(s)

  • cisco-xe-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;