Design/Logic Flaw

2020-06-0318:15:00

PRIOn knowledge base

www.prio-n.com

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.1%

JSON

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. The vulnerability is due to the presence of a proxy service at a specific endpoint of the web UI. An attacker could exploit this vulnerability by connecting to the proxy service. An exploit could allow the attacker to bypass access restrictions on the network by proxying their access request through the management network of the affected device. As the proxy is reached over the management virtual routing and forwarding (VRF), this could reduce the effectiveness of the bypass.

CPENameOperatorVersion
ios_xeeq16.10.1
ios_xeeq16.12.1
ios_xeeq16.11.1
ios_xeeq16.11.197
ios_xeeq16.12.199
ios_xeeq16.12.1116
ios_xeeq16.12.1115
ios_xeeq16.12.197
ios_xeeq16.11.199
ios_xeeq16.11.198

Name	Operator	Version
ios_xe	eq	16.10.1
ios_xe	eq	16.12.1
ios_xe	eq	16.11.1
ios_xe	eq	16.11.197
ios_xe	eq	16.12.199
ios_xe	eq	16.12.1116
ios_xe	eq	16.12.1115
ios_xe	eq	16.12.197
ios_xe	eq	16.11.199
ios_xe	eq	16.11.198