CVE-2017-12229

Name of the Vulnerable Software and Affected Versions Cisco IOS XE versions 3.1 through 16.5

Description A vulnerability in the REST API of the web-based user interface of Cisco IOS XE could allow an unauthenticated, remote attacker to bypass authentication by sending a malicious API request to an affected device. The issue is due to insufficient input validation for the REST API. A successful exploit could allow the attacker to gain access to the web UI of the affected software. This vulnerability affects devices with the HTTP Server feature enabled.

Recommendations For Cisco IOS XE versions 3.1 through 16.5, update to a version that includes the fix for this issue, as software updates have been released by Cisco to address this vulnerability. As a temporary workaround, consider disabling the HTTP Server feature to minimize the risk of exploitation.