{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T21:14:21.975","vulnerabilities":[{"cve":{"id":"CVE-2019-12643","sourceIdentifier":"psirt@cisco.com","published":"2019-08-28T19:15:10.757","lastModified":"2024-11-21T04:23:14.753","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST API authentication service. An attacker could exploit this vulnerability by submitting malicious HTTP requests to the targeted device. A successful exploit could allow the attacker to obtain the token-id of an authenticated user. This token-id could be used to bypass authentication and execute privileged actions through the interface of the REST API virtual service container on the affected Cisco IOS XE device. The REST API interface is not enabled by default and must be installed and activated separately on IOS XE devices. See the Details section for more information."},{"lang":"es","value":"Una vulnerabilidad en el contenedor de servicios virtuales API REST de Cisco para el software Cisco IOS XE podría permitir que un atacante remoto no identificado omita la autenticación en el dispositivo Cisco IOS XE administrado. La vulnerabilidad se debe a una verificación incorrecta realizada por el área de código que administra el servicio de autenticación API REST. Un atacante podría aprovechar esta vulnerabilidad al enviar solicitudes HTTP maliciosas al dispositivo objetivo. Una explotación con éxito podría permitir al atacante obtener el identificador de token de un usuario identificado. Este token-id podría usarse para omitir la autenticación y ejecutar acciones privilegiadas a través de la interfaz del contenedor del servicio virtual REST API en el dispositivo Cisco IOS XE afectado. La interfaz REST API no está habilitada de manera predeterminada y debe instalarse y activarse por separado en dispositivos IOS XE. Vea la sección Detalles para más informació"}],"metrics":{"cvssMetricV30":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:15.5\\(3\\)s3.16:*:*:*:*:*:*:*","matchCriteriaId":"0FE2B344-03AB-44B5-9889-B702AFC57F53"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:16.6.5:*:*:*:*:*:*:*","matchCriteriaId":"D83E34F4-F4DD-49CC-9C95-93F9D4D26B42"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*","matchCriteriaId":"6C8AED7C-DDA3-4C29-BB95-6518C02C551A"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:*","matchCriteriaId":"9421DBEF-AE42-4234-B49F-FCC34B804D7F"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*","matchCriteriaId":"5419CB9F-241F-4431-914F-2659BE27BEA5"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:*","matchCriteriaId":"7DE02DBE-EAD5-4F37-8AB7-DF46A605A0E2"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*","matchCriteriaId":"5720462A-BE6B-4E84-A1A1-01E80BBA86AD"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:4451-x_integrated_services_router:-:*:*:*:*:*:*:*","matchCriteriaId":"818CEFA6-208C-43C3-8E43-474A93ADCF21"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:cloud_services_router_1000v:-:*:*:*:*:*:*:*","matchCriteriaId":"4CCB8270-A01D-40A6-BF4B-26BAF65E68F3"}]}]}],"references":[{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}