Beginner

CSCvn93524 - Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

We have two 4351 ISRs that were running Everest 16.6.5 IOS that a security scan showed had this vulnerability even without the REST API being installed and activated. We upgraded to the referenced fixed IOS 16.6.6; however, our scans still show this vulnerability active. Any thoughts?

Hall of Fame Community Legend

Re: CSCvn93524 - Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

Can you post the output to the command "show virtual-service detail | include Restful"?
Beginner

Re: CSCvn93524 - Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

We never installed/configured the REST API, so the command isn't available. However, Nessus is still being triggered on this vulnerability. Unfortunately, Nessus doesn't show an output for what criteria are matching for this vulnerability. It even shows the IOS version 16.6.6, which in the Bug Report is listed as a fixed version.

XXXXXXX#show v?
vasi version vlan vlan-autoconfig
vlan-range vlans vmi vnet
vpdn vrf vrrp vrrs
vtemplate vtp

XXXXXXX#show vir?
% Unrecognized command

Hall of Fame Community Legend (Accepted Solution)

Re: CSCvn93524 - Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

If you can't even enter the command then it means that you're not going to be impacted.
Beginner

Re: CSCvn93524 - Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

That's what I was hoping.
