What is CVE-2019-12643?

CVE-2019-12643 is a critical-severity vulnerability in Cisco Ios Xe Software, classified under Improper Authentication. CVSS score: 10.0/10. Published 2019-08-28.

How severe is CVE-2019-12643?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Is CVE-2019-12643 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Cisco Ios Xe Software

CVE-2019-12643

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper…

Vulnerability class: Broken Authentication

EPSS: 0.154 (94.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Cisco Ios Xe Software — versions unspecified

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

alphaSeclab/sec-daily-2019

References

20190828 Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2019-12643?: CVE-2019-12643 is a critical-severity vulnerability in Cisco Ios Xe Software, classified under Improper Authentication. CVSS score: 10.0/10. Published 2019-08-28.
How severe is CVE-2019-12643?: Critical severity. CVSS v3 base score is 10.0 out of 10.
Is CVE-2019-12643 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.