Platform
cisco
Component
cisco-rest-api-container
Fixed in
16.09.03
CVE-2019-12643 is a critical authentication bypass vulnerability affecting the Cisco REST API Container. This flaw allows an unauthenticated, remote attacker to bypass authentication on managed Cisco IOS XE devices, potentially leading to unauthorized access and control. The vulnerability impacts versions of the Cisco REST API Container up to and including 16.09.03. A fix is available in version 16.09.03.
Successful exploitation of CVE-2019-12643 allows an attacker to bypass authentication and obtain the token-id of an authenticated user. This token-id can then be leveraged to execute privileged commands and gain complete control over the affected Cisco IOS XE device. The potential impact is severe, encompassing data breaches, system compromise, and disruption of network services. This vulnerability shares similarities with other authentication bypass flaws where stolen or bypassed credentials grant attackers elevated privileges, potentially enabling lateral movement within the network.
CVE-2019-12643 was publicly disclosed on August 28, 2019. While no active exploitation campaigns have been definitively linked to this CVE, the critical severity and ease of exploitation make it a potential target. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are available, increasing the risk of exploitation.
Exploit Status
EPSS
15.41% (95% percentile)
CVSS Vector
The primary mitigation for CVE-2019-12643 is to upgrade the Cisco REST API Container to version 16.09.03 or later. If immediate upgrade is not feasible, consider implementing network segmentation to limit the potential blast radius of a successful attack. Restrict access to the REST API endpoints to only authorized users and systems. Monitor REST API logs for suspicious activity, particularly failed authentication attempts and unusual request patterns. While a WAF cannot directly prevent this bypass, it can help detect and block malicious requests based on known attack patterns. After upgrade, confirm by verifying the version number of the REST API Container using the show version command on the Cisco IOS XE device.
Update the Cisco IOS XE software to version 16.09.03 or later. See the Cisco advisory for more details and specific instructions for your device.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2019-12643 is a critical vulnerability in the Cisco REST API Container allowing unauthenticated attackers to bypass authentication and potentially gain privileged access to Cisco IOS XE devices.
You are affected if you are running Cisco REST API Container versions 16.09.03 or earlier. Check your device versions against the affected range.
Upgrade the Cisco REST API Container to version 16.09.03 or later. Implement network segmentation and restrict access to REST API endpoints as interim measures.
While no confirmed active campaigns are publicly known, the vulnerability's critical severity and available proof-of-concept exploits suggest a potential for exploitation.
Refer to the official Cisco Security Advisory for detailed information and mitigation steps: https://cisco.com/c/en/us/products/security/center/content/cisco-security-advisories/cisco-sa-20190828-restapi.html
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.