PT-2018-8661 · Cisco · Cisco Ios Xe

Published

2018-03-28

Updated

2019-10-09

CVE-2018-0195

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified)

Description: A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The issue is due to insufficient authorization checks for requests sent to the REST API. An attacker could exploit this by sending a malicious request to an affected device via the REST API, potentially allowing them to bypass authorization checks and perform privileged actions.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2018-0195

Affected Products

Cisco Ios Xe

PT-2018-8661 · Cisco · Cisco Ios Xe

CVE-2018-0195

Weakness Enumeration

Related Identifiers

Affected Products

References · 4