2018-03-29 00:29:02 2019-10-10 01:31:26

A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insufficient authorization checks for requests that are sent to the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious request to an affected device via the REST API. A successful exploit could allow the attacker to selectively bypass authorization checks for the REST API of the affected software and use the API to perform privileged actions on an affected device. Cisco Bug IDs: CSCuz56428.

Vector: NETWORK
Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Cisco IOS XE Software 3.7s BASE Cisco IOS XE Software 3.7S.7 Cisco IOS XE Software 3.7S.6 Cisco IOS XE Software 3.7S.5 Cisco IOS XE Software 3.7S.4 Cisco IOS XE Software 3.7S.3 Cisco IOS XE Software 3.7S.2 Cisco IOS XE Software 3.7S.1 Cisco IOS XE Software 3.7S.0 Cisco IOS XE 3.7S(.1) Cisco IOS XE 3.7S(.0) Cisco IOS XE Software 3.7S Cisco Ios xe 3.7e 3.7.3e (not an official CPE) Cisco IOS XE Software 3.7E.0 Cisco Ios xe 3.7e (not an official CPE) Cisco Ios xe 3.7.5e (not an official CPE) Cisco IOS XE 3.7.2s Cisco IOS XE 3.7.1s Cisco IOS XE 3.7.0s Cisco IOS XE Software 3.6s BASE Cisco IOS XE Software 3.6S.2 Cisco IOS XE Software 3.6S.1 Cisco IOS XE Software 3.6S.0 Cisco IOS XE 3.6S(.2) Cisco IOS XE 3.6S(.1) Cisco IOS XE 3.6S(.0) Cisco IOS XE Software 3.6S Cisco IOS XE Software 3.6E.1 Cisco IOS XE Software 3.6E.0 Cisco Ios xe 3.6e (not an official CPE) Cisco Ios xe 3.6.7e (not an official CPE) Cisco Ios xe 3.6.6e (not an official CPE) Cisco Ios xe 3.6.5e (not an official CPE) Cisco Ios xe 3.6.5be (not an official CPE) Cisco Ios xe 3.6.5ae (not an official CPE) Cisco IOS XE 3.6.2s Cisco IOS XE 3.6.1s Cisco IOS XE 3.6.0s Cisco Ios xe 3.5sq (not an official CPE) Cisco IOS XE Software 3.5s BASE Cisco IOS XE Software 3.5S.2 Cisco IOS XE Software 3.5S.1 Cisco IOS XE Software 3.5S.0 Cisco IOS XE 3.5S(.2) Cisco IOS XE 3.5S(.1) Cisco IOS XE 3.5S(.0) Cisco IOS XE Software 3.5S Cisco IOS XE Software 3.5E.3 Cisco IOS XE Software 3.5E.2 Cisco IOS XE Software 3.5E.1 Cisco IOS XE Software 3.5E.0 Cisco IOS XE 3.5E Cisco IOS XE 3.5.xS Cisco Ios xe 3.5.5sq (not an official CPE) Cisco Ios xe 3.5.4sq (not an official CPE) Cisco IOS XE 3.5.2s Cisco IOS XE 3.5.1s Cisco IOS XE 3.5.0s Cisco IOS XE 3.4SQ.1 Cisco IOS XE 3.4SQ.0 Cisco Ios xe 3.4sq (not an official CPE) Cisco Ios xe 3.4sg 3.4.7sg (not an official CPE) Cisco IOS XE Software 3.4SG.5 Cisco IOS XE Software 3.4SG.4 Cisco IOS XE Software 3.4SG.3 Cisco IOS XE Software 3.4SG.2 Cisco IOS XE Software 3.4SG.1 Cisco IOS XE Software 3.4SG.0 
Cisco Ios xe 3.4sg (not an official CPE) Cisco Ios xe 3.4s 3.4.6s (not an official CPE) Cisco Ios xe 3.4s 3.4.5s (not an official CPE) Cisco Ios xe 3.4s 3.4.4s (not an official CPE) Cisco Ios xe 3.4s 3.4.3s (not an official CPE) Cisco Ios xe 3.4s 3.4.2s (not an official CPE) Cisco Ios xe 3.4s 3.4.1s (not an official CPE) Cisco Ios xe 3.4s 3.4.0s (not an official CPE) Cisco Ios xe 3.4s 3.4.0as (not an official CPE) Cisco IOS XE Software 3.4S.6 Cisco IOS XE Software 3.4S.5 Cisco IOS XE Software 3.4S.4 Cisco IOS XE Software 3.4S.3 Cisco IOS XE Software 3.4S.2 Cisco IOS XE Software 3.4S.1 Cisco Ios xe 3.4s.0a (not an official CPE) Cisco IOS XE Software 3.4S.0 Cisco IOS XE 3.4S(.6) Cisco IOS XE 3.4S(.5) Cisco IOS XE 3.4S(.4) Cisco IOS XE 3.4S(.3) Cisco IOS XE 3.4S(.2) Cisco IOS XE 3.4S(.1) Cisco IOS XE 3.4S(.0) Cisco Ios xe 3.4s (not an official CPE) Cisco IOS XE 3.4.xS Cisco Ios xe 3.4.9sg (not an official CPE) Cisco Ios xe 3.4.8sg (not an official CPE) Cisco Ios xe 3.4.7sg (not an official CPE) Cisco Ios xe 3.4.7asg (not an official CPE) Cisco Ios xe 3.4.6sg (not an official CPE) Cisco Ios xe 3.4.5sg (not an official CPE) Cisco IOS XE 3.4.5s Cisco Ios xe 3.4.4sg (not an official CPE) Cisco IOS XE 3.4.4s Cisco Ios xe 3.4.3sg (not an official CPE) Cisco IOS XE 3.4.3s Cisco Ios xe 3.4.2sg (not an official CPE) Cisco IOS XE 3.4.2s Cisco Ios xe 3.4.1sg (not an official CPE) Cisco IOS XE 3.4.1s Cisco Ios xe 3.4.0sg (not an official CPE) Cisco IOS XE 3.4.0s Cisco IOS XE 3.4.0as Cisco IOS XE Software 3.3XO.2 Cisco IOS XE Software 3.3XO.1 Cisco IOS XE Software 3.3XO.0 Cisco Ios xe 3.3xo (not an official CPE) Cisco IOS XE 3.3SQ.1 Cisco IOS XE 3.3SQ.0 Cisco Ios xe 3.3sq (not an official CPE) Cisco Ios xe 3.3sg 3.3.2sg (not an official CPE) Cisco Ios xe 3.3sg 3.3.1sg (not an official CPE) Cisco Ios xe 3.3sg 3.3.0sg (not an official CPE) Cisco IOS XE Software 3.3SG.2 Cisco IOS XE Software 3.3SG.1 Cisco IOS XE Software 3.3SG.0 Cisco Ios xe 3.3sg (not an official CPE) Cisco Ios xe 
3.3se (not an official CPE) Cisco Ios xe 3.3s 3.3.2s (not an official CPE) Cisco Ios xe 3.3s 3.3.1s (not an official CPE) Cisco Ios xe 3.3s 3.3.0s (not an official CPE) Cisco IOS XE Software 3.3S.2 Cisco IOS XE Software 3.3S.1 Cisco IOS XE Software 3.3S.0 Cisco IOS XE 3.3S(.2) Cisco IOS XE 3.3S(.1) Cisco IOS XE 3.3S(.0) Cisco Ios xe 3.3s (not an official CPE) Cisco IOS XE 3.3.3S Cisco Ios xe 3.3.2sg (not an official CPE) Cisco IOS XE 3.3.2s Cisco IOS XE 3.3.1SG Cisco IOS XE 3.3.1s Cisco IOS XE 3.3.0SG Cisco IOS XE 3.3.0s Cisco IOS XE 3.2XO.1 Cisco IOS XE 3.2XO.0 Cisco Ios xe 3.2xo (not an official CPE) Cisco IOS XE 3.2SG.9 Cisco IOS XE 3.2SG.8 Cisco IOS XE 3.2SG.7 Cisco IOS XE 3.2SG.6 Cisco IOS XE 3.2SG.5 Cisco IOS XE 3.2SG.4 Cisco IOS XE 3.2SG.3 Cisco IOS XE 3.2SG.2 Cisco IOS XE 3.2SG.1 Cisco IOS XE 3.2SG.0 Cisco Ios xe 3.2sg (not an official CPE) Cisco IOS XE 3.2SE.3 Cisco IOS XE 3.2SE.2 Cisco IOS XE 3.2SE.1 Cisco IOS XE 3.2SE.0 Cisco Ios xe 3.2se (not an official CPE) Cisco IOS XE Software 3.2S.3 Cisco IOS XE Software 3.2S.2 Cisco IOS XE Software 3.2S.1 Cisco IOS XE Software 3.2S.0 Cisco IOS XE 3.2S(.2) Cisco IOS XE 3.2S(.1) Cisco IOS XE 3.2S(.0) Cisco Ios xe 3.2s (not an official CPE) Cisco Ios xe 3.2ja (not an official CPE) Cisco Ios xe 3.2.11sg (not an official CPE) Cisco IOS XE 3.2.4SG Cisco IOS XE 3.2.3SG Cisco IOS XE 3.2.2SG Cisco IOS XE 3.2.2s Cisco IOS XE 3.2.0SG Cisco IOS XE 3.2.1s Cisco IOS XE 3.2.0xo Cisco IOS XE 3.2.0SG Cisco IOS XE 3.2.0s Cisco IOS XE 3.2.00.xo.15.(2)xo Cisco IOS XE 3.1SG.1 Cisco IOS XE 3.1SG.0 Cisco Ios xe 3.1sg (not an official CPE) Cisco IOS XE Software 3.1S.6 Cisco IOS XE Software 3.1S.5 Cisco Ios xe 3.1s.4a (not an official CPE) Cisco IOS XE Software 3.1S.4 Cisco IOS XE Software 3.1S.3 Cisco IOS XE Software 3.1S.2 Cisco IOS XE Software 3.1S.1 Cisco IOS XE Software 3.1S.0 Cisco IOS XE 3.1S(.3) Cisco IOS XE 3.1S(.2) Cisco IOS XE 3.1S(.1) Cisco IOS XE 3.1S(.0) Cisco Ios xe 3.1s (not an official CPE) Cisco IOS XE 3.1.4s Cisco IOS 
XE 3.1.3s Cisco IOS XE 3.1.2s Cisco IOS XE 3.1.1SG Cisco IOS XE 3.1.1s Cisco IOS XE 3.1.0SG Cisco IOS XE 3.1.0s Cisco Ios xe 2.6.2a (not an official CPE) Cisco IOS XE 2.6.2 Cisco IOS XE 2.6.1 Cisco IOS XE 2.6.0 Cisco IOS XE 2.6(.2) Cisco IOS XE 2.6(.1) Cisco IOS XE 2.6(.0) Cisco IOS XE 2.5.2 Cisco IOS XE 2.5.1 Cisco IOS XE 2.5.0 Cisco IOS XE 2.5(.0) Cisco IOS XE 2.4.4 Cisco IOS XE 2.4.3 Cisco IOS XE 2.4.2 Cisco IOS XE 2.4.1 Cisco IOS XE 2.4.0 Cisco IOS XE 2.3.2 Cisco IOS XE 2.3.1t Cisco IOS XE 2.3.1 Cisco IOS XE 2.3.0t Cisco IOS XE 2.3.0 Cisco IOS XE 2.2.3 Cisco IOS XE 2.2.2 Cisco IOS XE 2.2.1 Cisco IOS XE 2.1.2 Cisco IOS XE 2.1.1 Cisco IOS XE 2.1.0 Cisco IOS XE Cisco IOS XE 3.8.0s Cisco Ios xe 3.8.1s (not an official CPE) Cisco Ios xe 3.8.2e (not an official CPE) Cisco Ios xe 3.8.2s (not an official CPE) Cisco Ios xe 3.8e (not an official CPE) Cisco Ios xe 3.8e 3.8.1e (not an official CPE) Cisco Ios xe 3.8ex (not an official CPE) Cisco IOS XE Software 3.8S Cisco IOS XE 3.8s(.0) Cisco IOS XE 3.8s(.1) Cisco IOS XE 3.8s(.2) Cisco IOS XE Software 3.8S.0 Cisco IOS XE Software 3.8S.1 Cisco IOS XE Software 3.8S.2 Cisco IOS XE Software 3.8S BASE Cisco Ios xe 3.9.0as (not an official CPE) Cisco IOS XE 3.9.0s Cisco Ios xe 3.9.1as (not an official CPE) Cisco IOS XE 3.9.1s Cisco Ios xe 3.9.2e (not an official CPE) Cisco Ios xe 3.9.2s (not an official CPE) Cisco Ios xe 3.9e (not an official CPE) Cisco Ios xe 3.9s (not an official CPE) Cisco IOS XE Software 3.9S.0 Cisco IOS XE Software 3.9S.1 Cisco IOS XE Software 3.9S.2 Cisco IOS XE 3.10 Cisco IOS XE 3.10.0S Cisco IOS XE 3.10.1S Cisco IOS XE 3.10.1S1 Cisco Ios xe 3.10.1xbs (not an official CPE) Cisco IOS XE 3.10.2S Cisco Ios xe 3.10.3s (not an official CPE) Cisco IOS XE 3.10S.0 Cisco IOS XE Software 3.10S.0A Cisco IOS XE 3.10S.1 Cisco IOS XE 3.10S.2 Cisco IOS XE 3.10S.3 Cisco IOS XE 3.10S.4 Cisco IOS XE 3.10S.5 Cisco Ios xe 3.10s 3.10.2ts (not an official CPE) Cisco Ios xe 3.10s 3.10.7s (not an official CPE) Cisco Ios xe 3.11s 
(not an official CPE) Cisco IOS XE 3.11S.0 Cisco IOS XE 3.11S.1 Cisco IOS XE 3.11S.2 Cisco IOS XE 3.11S.3 Cisco IOS XE Software 3.11S.4 Cisco IOS XE 3.12S Cisco IOS XE 3.12S.0 Cisco IOS XE 3.12S.1 Cisco IOS XE 3.12S.2 Cisco IOS XE 3.12S.3 Cisco IOS XE 3.13S.0 Cisco IOS XE Software 3.13S.1 Cisco IOS XE Software 3.13S.2 Cisco Ios xe 3.14s (not an official CPE) Cisco IOS XE 3.14S.0 Cisco Ios xe 3.14s.1 (not an official CPE) Cisco Ios xe 3.14s.2 (not an official CPE) Cisco Ios xe 3.14s.3 (not an official CPE) Cisco Ios xe 3.14s.4 (not an official CPE) Cisco Ios xe 3.15.1cs (not an official CPE) Cisco Ios xe 3.15.4s (not an official CPE) Cisco Ios xe 3.15s (not an official CPE) Cisco Ios xe 3.15s.0 (not an official CPE) Cisco Ios xe 3.15s.1 (not an official CPE) Cisco Ios xe 3.15s.2 (not an official CPE) Cisco Ios xe 3.16.0cs (not an official CPE) Cisco Ios xe 3.16.1s (not an official CPE) Cisco Ios xe 3.16.2bs (not an official CPE) Cisco Ios xe 3.16s (not an official CPE) Cisco Ios xe 3.16s.0 (not an official CPE) Cisco Ios xe 3.16s.1 (not an official CPE) Cisco Ios xe 3.17.1as (not an official CPE) Cisco Ios xe 3.17.2s (not an official CPE) Cisco Ios xe 3.17s (not an official CPE) Cisco Ios xe 3.17s.0 (not an official CPE) Cisco Ios xe 3.17s.1 (not an official CPE) Cisco Ios xe 3.17s 3.17.0s (not an official CPE) Cisco Ios xe 3.18.0as (not an official CPE) Cisco Ios xe 3.18.0s (not an official CPE) Cisco Ios xe 3.18s (not an official CPE) Cisco IOS XE 13.10.2S Cisco Ios xe 15.4(3)s (not an official CPE) Cisco Ios xe 16.1.1 (not an official CPE)