Cisco has discovered a vulnerability that leaves devices running its IOS XE operating system open to malicious attacks.
The vulnerability, dubbed CVE-2019-12643, allows attackers to bypass authentication checks and execute privileged commands on a device running Cisco IOS XE, the operating system installed on Cisco’s enterprise network devices.
The issue stems from an improper authentication check in the code that manages the REST API, an alternative method for provisioning certain functions on Cisco devices that runs in a virtual services container.
The vulnerability can be exploited if an attacker sends specially crafted HTTP requests to a vulnerable device, exposing an authenticated user's token-id and allowing the attacker to bypass password authentication.
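The following Python model is an added illustration of the bug class described above, not Cisco's code; the advisory does not describe the IOS XE implementation, so the mechanics here (a session listing endpoint that skips its own authentication check and returns raw token-ids) are an assumption chosen to show how a disclosed token-id stands in for a password. The class and attribute names, the credential store and the TTL value are all hypothetical.

```python
import hashlib
import hmac
import secrets
import time

# Constructed credential store for the demo (hypothetical user and password).
CREDS = {"admin": "correct horse battery staple"}
TOKEN_TTL = 300  # seconds; assumed lifetime for the hardened model


class LeakyApi:
    """Model of the vulnerable pattern: a token-id issued to an authenticated
    admin is readable by callers who never authenticated, and presenting that
    token-id is the only thing the command endpoint checks."""

    def __init__(self):
        self.sessions = {}  # token_id -> username

    def login(self, user, password):
        if CREDS.get(user) != password:
            return None
        token_id = secrets.token_hex(16)
        self.sessions[token_id] = user
        return token_id

    def session_info(self):
        # Flaw: no authentication check, and the raw token-ids are returned.
        return list(self.sessions)

    def run_command(self, token_id, command):
        user = self.sessions.get(token_id)
        if user is None:
            raise PermissionError("no valid session")
        return f"{user}: {command}"


class HardenedApi(LeakyApi):
    """Same API with the authentication check applied to every endpoint,
    tokens bound to the caller's address and expired, and token-ids never echoed."""

    def __init__(self):
        super().__init__()
        self.meta = {}  # token_id -> (client_addr, issued_at)

    def login(self, user, password, client_addr):
        if not hmac.compare_digest(CREDS.get(user, ""), password):
            return None
        token_id = secrets.token_hex(32)
        self.sessions[token_id] = user
        self.meta[token_id] = (client_addr, time.monotonic())
        return token_id

    def _authenticate(self, token_id, client_addr):
        # Constant-time lookup; a token presented from another client or past
        # its TTL is revoked rather than honoured.
        for stored in list(self.sessions):
            if hmac.compare_digest(stored, token_id or ""):
                addr, issued = self.meta[stored]
                if addr != client_addr or time.monotonic() - issued > TOKEN_TTL:
                    self.sessions.pop(stored)
                    self.meta.pop(stored)
                    raise PermissionError("session expired or wrong client")
                return stored
        raise PermissionError("no valid session")

    def session_info(self, token_id, client_addr):
        stored = self._authenticate(token_id, client_addr)
        # Only the caller's own session, identified by a fingerprint, never the token.
        return {"user": self.sessions[stored],
                "token_fingerprint": hashlib.sha256(stored.encode()).hexdigest()[:12]}

    def run_command(self, token_id, command, client_addr):
        stored = self._authenticate(token_id, client_addr)
        return f"{self.sessions[stored]}: {command}"


def demo():
    """Returns (leaky_model_bypassed, hardened_model_blocked)."""
    leaky = LeakyApi()
    leaky.login("admin", CREDS["admin"])
    disclosed = leaky.session_info()[0]  # read without any authentication
    bypassed = leaky.run_command(disclosed, "show running-config").startswith("admin")

    hardened = HardenedApi()
    tid = hardened.login("admin", CREDS["admin"], "10.0.0.5")
    try:
        hardened.session_info(None, "192.0.2.7")  # no token: rejected
        blocked = False
    except PermissionError:
        blocked = True
    info = hardened.session_info(tid, "10.0.0.5")  # legitimate caller sees a fingerprint only
    blocked = blocked and tid not in info.values()
    try:
        hardened.run_command(tid, "show running-config", "192.0.2.7")  # replay from elsewhere
        blocked = False
    except PermissionError:
        pass
    return bypassed, blocked
```

The point of the hardened model is that the token-id is treated as a credential: it is checked on every endpoint, never returned to any caller, compared in constant time, and tied to the client and a lifetime, so disclosure of a session listing no longer yields a usable login.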
The bug affects the following devices:
- Cisco 400 Series Integrated Services Routers
- Cisco ASR 1000 Series Aggregation Service Routers
- Cisco Cloud Services Router 1000V Series
- Cisco Integrated Services Virtual Router
Cisco gave the vulnerability a CVSS (Common Vulnerability Scoring System) score of 10 out of 10, the highest possible, ranking the bug as 'critical'. Despite its severity, Cisco noted that specific requirements need to be met for an attacker to actually exploit the bug.
The device needs to be running an affected Cisco IOS XE software release, have the REST API installed and enabled (it is disabled by default), and an authorized user with admin credentials up to level 15 needs to be authenticated to the REST API interface.
Cisco has already released a patch for the bug on its website, where further details are published.