ID

VAR-201908-0267


CVE

CVE-2019-12643


TITLE

Cisco IOS XE Software authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-008812

DESCRIPTION

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST API authentication service. An attacker could exploit this vulnerability by submitting malicious HTTP requests to the targeted device. A successful exploit could allow the attacker to obtain the token-id of an authenticated user. This token-id could be used to bypass authentication and execute privileged actions through the interface of the REST API virtual service container on the affected Cisco IOS XE device. The REST API interface is not enabled by default and must be installed and activated separately on IOS XE devices. See the Details section for more information. The following products and versions are affected: Cisco 4000 Series Integrated Services Routers; ASR 1000 Series Aggregation Services Routers; Cloud Services Router 1000V Series; Integrated Services Virtual Router

Trust: 1.71

sources: NVD: CVE-2019-12643 // JVNDB: JVNDB-2019-008812 // VULHUB: VHN-144410

AFFECTED PRODUCTS

vendor: cisco
model: ios xe
scope: eq
version: 15.5\(3\)s3.16

Trust: 1.0

vendor: cisco
model: ios xe
scope: eq
version: 16.6.5

Trust: 1.0

vendor: cisco
model: ios xe
scope: -
version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-008812 // NVD: CVE-2019-12643

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12643
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12643
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-12643
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201908-2149
value: CRITICAL

Trust: 0.6

VULHUB: VHN-144410
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12643
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144410
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12643
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-144410 // JVNDB: JVNDB-2019-008812 // CNNVD: CNNVD-201908-2149 // NVD: CVE-2019-12643 // NVD: CVE-2019-12643

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-144410 // JVNDB: JVNDB-2019-008812 // NVD: CVE-2019-12643

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-2149

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201908-2149

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008812

PATCH

title: cisco-sa-20190828-iosxe-rest-auth-bypass
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass

Trust: 0.8

title: Cisco IOS XE Software authorization problem vulnerability remediation measures
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97634

Trust: 0.6

sources: JVNDB: JVNDB-2019-008812 // CNNVD: CNNVD-201908-2149

EXTERNAL IDS

db: NVD
id: CVE-2019-12643

Trust: 2.5

db: JVNDB
id: JVNDB-2019-008812

Trust: 0.8

db: CNNVD
id: CNNVD-201908-2149

Trust: 0.7

db: AUSCERT
id: ESB-2019.3278.2

Trust: 0.6

db: AUSCERT
id: ESB-2019.3278

Trust: 0.6

db: VULHUB
id: VHN-144410

Trust: 0.1

sources: VULHUB: VHN-144410 // JVNDB: JVNDB-2019-008812 // CNNVD: CNNVD-201908-2149 // NVD: CVE-2019-12643

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190828-iosxe-rest-auth-bypass

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12643

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12643

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.3278.2/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-xe-privilege-escalation-via-rest-api-30185

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3278/

Trust: 0.6

sources: VULHUB: VHN-144410 // JVNDB: JVNDB-2019-008812 // CNNVD: CNNVD-201908-2149 // NVD: CVE-2019-12643

CREDITS

The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is publicly available for the vulnerability described in this advisory. Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.

Trust: 0.6

sources: CNNVD: CNNVD-201908-2149

SOURCES

db: VULHUB, id: VHN-144410
db: JVNDB, id: JVNDB-2019-008812
db: CNNVD, id: CNNVD-201908-2149
db: NVD, id: CVE-2019-12643

LAST UPDATE DATE

2024-08-14T14:51:06.445000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-144410, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-008812, date: 2019-09-06T00:00:00
db: CNNVD, id: CNNVD-201908-2149, date: 2019-10-21T00:00:00
db: NVD, id: CVE-2019-12643, date: 2019-10-09T23:45:56.513

SOURCES RELEASE DATE

db: VULHUB, id: VHN-144410, date: 2019-08-28T00:00:00
db: JVNDB, id: JVNDB-2019-008812, date: 2019-09-06T00:00:00
db: CNNVD, id: CNNVD-201908-2149, date: 2019-08-28T00:00:00
db: NVD, id: CVE-2019-12643, date: 2019-08-28T19:15:10.757