Details of VAR-201908-0267

ID

VAR-201908-0267

CVE

CVE-2019-12643

TITLE

Cisco IOS XE Software authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-008812

DESCRIPTION

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST API authentication service. An attacker could exploit this vulnerability by submitting malicious HTTP requests to the targeted device. A successful exploit could allow the attacker to obtain the token-id of an authenticated user. This token-id could be used to bypass authentication and execute privileged actions through the interface of the REST API virtual service container on the affected Cisco IOS XE device. The REST API interface is not enabled by default and must be installed and activated separately on IOS XE devices. See the Details section for more information. The following products and versions are affected: Cisco 4000 Series Integrated Services Routers; ASR 1000 Series Aggregation Services Routers; Cloud Services Router 1000V Series; Integrated Services Virtual Router

Trust: 1.71

sources: NVD: CVE-2019-12643 // JVNDB: JVNDB-2019-008812 // VULHUB: VHN-144410

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	15.5\(3\)s3.16	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-008812 // NVD: CVE-2019-12643

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-12643
value:	CRITICAL
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-12643
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-12643
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201908-2149
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-144410
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-12643
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-144410
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-12643
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-144410 // JVNDB: JVNDB-2019-008812 // CNNVD: CNNVD-201908-2149 // NVD: CVE-2019-12643 // NVD: CVE-2019-12643

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-144410 // JVNDB: JVNDB-2019-008812 // NVD: CVE-2019-12643

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-2149

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201908-2149

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008812

PATCH

title:	cisco-sa-20190828-iosxe-rest-auth-bypass	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass	Trust: 0.8
title:	Cisco IOS XE Software Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97634	Trust: 0.6

sources: JVNDB: JVNDB-2019-008812 // CNNVD: CNNVD-201908-2149

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12643	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-008812	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-2149	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3278.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3278	Trust: 0.6
db:	VULHUB	id:	VHN-144410	Trust: 0.1

sources: VULHUB: VHN-144410 // JVNDB: JVNDB-2019-008812 // CNNVD: CNNVD-201908-2149 // NVD: CVE-2019-12643

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190828-iosxe-rest-auth-bypass	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12643	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12643	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.3278.2/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ios-xe-privilege-escalation-via-rest-api-30185	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3278/	Trust: 0.6

sources: VULHUB: VHN-144410 // JVNDB: JVNDB-2019-008812 // CNNVD: CNNVD-201908-2149 // NVD: CVE-2019-12643

CREDITS

The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is publicly available for the vulnerability described in this advisory. Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.

Trust: 0.6

sources: CNNVD: CNNVD-201908-2149

SOURCES

db:	VULHUB	id:	VHN-144410
db:	JVNDB	id:	JVNDB-2019-008812
db:	CNNVD	id:	CNNVD-201908-2149
db:	NVD	id:	CVE-2019-12643

LAST UPDATE DATE

2024-08-14T14:51:06.445000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-144410	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-008812	date:	2019-09-06T00:00:00
db:	CNNVD	id:	CNNVD-201908-2149	date:	2019-10-21T00:00:00
db:	NVD	id:	CVE-2019-12643	date:	2019-10-09T23:45:56.513

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-144410	date:	2019-08-28T00:00:00
db:	JVNDB	id:	JVNDB-2019-008812	date:	2019-09-06T00:00:00
db:	CNNVD	id:	CNNVD-201908-2149	date:	2019-08-28T00:00:00
db:	NVD	id:	CVE-2019-12643	date:	2019-08-28T19:15:10.757