PT-2018-8661 · Cisco · Cisco Ios Xe

Publicado

2018-03-28

Atualizado

2019-10-09

CVE-2018-0195

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified)

Description: A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The issue is due to insufficient authorization checks for requests sent to the REST API. An attacker could exploit this by sending a malicious request to an affected device via the REST API, potentially allowing them to bypass authorization checks and perform privileged actions.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2018-0195

Produtos afetados

Cisco Ios Xe

PT-2018-8661 · Cisco · Cisco Ios Xe

CVE-2018-0195

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4