Patch now: Cisco IOS XE routers exposed to rare 10/10-severity security flaw

Cisco is urging customers to install updates for a critical bug affecting its popular IOS XE operating system that powers millions of enterprise network devices around the world.

The bug has a rare Common Vulnerability Scoring System (CVSS) version 3 rating of 10 out of a possible 10 and allows anyone on the internet to bypass the login for an IOS XE device without the correct password.

The flaw, tracked as CVE-2019-12643, affects Cisco’s REST application programming interface (API) virtual container for IOS XE and exists because the software doesn’t properly check the code that manages the API’s authentication service.

“An attacker could exploit this vulnerability by submitting malicious HTTP requests to the targeted device,” Cisco warns.

Source: ZDNet