A security vulnerability in the Cisco REST API virtual service container for Cisco IOS XE software could allow attackers to bypass authentication on managed Cisco IOS XE devices. The vulnerability is due to an improper check performed by the area of code that manages the REST API authentication service, according to a Cisco security advisory.
Attackers can exploit the vulnerability by submitting malicious HTTP requests to a targeted IOS XE device, Cisco noted. A successful exploit lets the attacker obtain the token-id of an authenticated user, bypass authentication, and execute privileged actions through the REST API interface that could affect the IOS XE device.
The REST API vulnerability affects the following products:
- Cisco 4000 Series Integrated Services Routers.
- Cisco ASR 1000 Series Aggregation Services Routers.
- Cisco Cloud Services Router 1000V Series.
- Cisco Integrated Services Virtual Router.
There are no workarounds that address this vulnerability. Cisco has released a fixed REST API virtual service container, iosxe-remote-mgmt.16.03.03.ova, and added safeguards in IOS XE itself that address the vulnerability. The updates are available to customers with a valid software license. Note that the REST API virtual service container is not installed or enabled by default, so a device is affected only if the container has been installed and activated on it.
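Because the fix is a new container package rather than a configuration change, the practical check on a fleet is whether each router has a REST API container installed, whether it is activated, and whether its package is older than the fixed one. The following script is an added example written for this article, not Cisco's code or tooling: it parses constructed text in the shape of IOS XE `show virtual-service list` output (the column layout, the service names and the older version numbers in the sample are assumptions) and flags any REST API container whose package version is below the fixed package named above.

```python
"""Audit `show virtual-service list` output for vulnerable REST API containers.

Added example, not Cisco's code. The sample CLI output below is constructed to
resemble IOS XE output; column layout and service names are assumptions. The
fixed package name is the one quoted in the article.
"""
import re

# Fixed REST API virtual service container named in the article.
FIXED_PACKAGE = "iosxe-remote-mgmt.16.03.03.ova"

# Matches e.g. "iosxe-remote-mgmt.16.03.03.ova" and captures (16, 03, 03).
_PKG_RE = re.compile(r"^iosxe-remote-mgmt\.(\d+)\.(\d+)\.(\d+)\.ova$")

# Constructed sample: two REST API containers (one activated, one only
# installed) and one unrelated container. Versions are made up.
SAMPLE_OUTPUT = """\
Virtual Service List:

Name                    Status             Package Name
-----------------------------------------------------------------------------
csr_mgmt                Activated          iosxe-remote-mgmt.16.02.01.ova
guestshell              Activated          guestshell.ova
old_mgmt                Installed          iosxe-remote-mgmt.16.01.03.ova
"""


def package_version(package):
    """Return (major, minor, patch) for a REST API container package, else None."""
    m = _PKG_RE.match(package.strip())
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def parse_virtual_service_list(text):
    """Parse rows of `show virtual-service list` into dicts.

    Assumption: each service row is three whitespace-separated columns
    (name, status, package) and the package file name ends in ".ova";
    banner, header and separator lines do not match that shape.
    """
    services = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].endswith(".ova"):
            continue
        name, status, package = parts
        services.append({"name": name, "status": status, "package": package})
    return services


def audit(text, fixed_package=FIXED_PACKAGE):
    """Return findings for REST API containers older than the fixed package.

    A container that is installed but not activated is still reported, with
    activated=False, because activating it later would expose the REST API.
    """
    fixed = package_version(fixed_package)
    findings = []
    for svc in parse_virtual_service_list(text):
        ver = package_version(svc["package"])
        if ver is None:
            continue  # not a REST API container (e.g. guestshell)
        if ver >= fixed:
            continue  # already at or above the fixed package
        findings.append({
            "name": svc["name"],
            "package": svc["package"],
            "activated": svc["status"].lower() == "activated",
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_OUTPUT):
        state = "ACTIVATED" if f["activated"] else "installed only"
        print(f"{f['name']}: {f['package']} is below {FIXED_PACKAGE} ({state})")
```

In practice the text fed to `audit()` would be collected from each router over SSH or from an existing configuration backup; an activated finding is the urgent one, and an installed-only finding should be removed or upgraded before anyone activates it.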