CNNVD ID | CNNVD-201908-2149 | CVE ID | CVE-2019-12643 |
Published | 2019-08-28 | Updated | 2019-10-21 |
Vulnerability type | Authorization issue | Vulnerability source | The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is publicly available for the vulnerability described in this advisory. Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory. |
Severity | Critical | Threat type | Remote |
Vendor | N/A |
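Cisco IOS and IOS XE are both operating systems developed by Cisco (USA) for its network devices.
An authorization issue vulnerability exists in the Cisco REST API virtual service container in Cisco IOS XE Software. The vulnerability stems from the area of code that manages the REST API authentication service not performing a proper check. A remote attacker can exploit this vulnerability by submitting malicious HTTP requests to obtain the token-id of an authenticated user, bypass authentication, and perform privileged actions. The following products and versions are affected: Cisco 4000 Series Integrated Services Routers; ASR 1000 Series Aggregation Services Routers; Cloud Services Router 1000V Series; Integrated Services Virtual Router.
The vendor has released a patch that fixes the Cisco IOS XE Software authorization issue vulnerability. The patch is available at: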
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass
Source: www.auscert.org.au
Source: nvd.nist.gov
Source: tools.cisco.com
Source: vigilance.fr
Link: https://vigilance.fr/vulnerability/Cisco-IOS-XE-privilege-escalation-via-REST-API-30185
None available