Breach, Content

Cisco REST API Container Vulnerability: Here’s What You Need to Know


A Cisco REST API virtual service container security vulnerability for Cisco IOS XE software could allow cybercriminals to bypass authentication on managed Cisco IOS XE devices. The vulnerability has developed due to an improper check performed by the area of code that manages the REST API authentication service, according to a Cisco security advisory.

Cybercriminals can exploit the REST API vulnerability by submitting malicious HTTP requests to targeted IOS XE devices, Cisco noted. If successful, cybercriminals can then obtain the token-id of authenticated users to bypass authentication and execute privileged actions that could affect the IOS XE device.

The REST API vulnerability affects the following products:

  • Cisco 4000 Series integrated services routers.
  • Cisco ASR 1000 Series aggregation services routers.
  • Cisco cloud services router.
  • 1000V Series Cisco integrated services virtual router.

There are no workarounds that address the REST API vulnerability, but Cisco has released the iosxe-remote-mgmt.16.03.03.ova software update and added IOS XE safeguards to address the vulnerability. The updates are now available to licensed software users.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.