Posts

Showing posts with the label Hacking REST API

Authentication Bypass Vulnerability in Cisco REST API Let Hackers Take Control of Cisco Routers Remotely

Cisco released a security update for a critical authentication bypass vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software that allows a remote attacker to bypass authentication on managed Cisco devices. Cisco IOS XE is an internetworking OS that is mainly deployed on Cisco ASR 1000 series routers and Catalyst switches, such as the 3850, that operate in enterprise wired and wireless access, aggregation, core, and WAN. The authentication bypass vulnerability affects Cisco IOS XE because of an improper check performed by the area of code that manages the REST API authentication service. The Cisco REST API is an application that runs in the virtual service container, a virtualized environment on a device. An attacker could exploit the vulnerability by sending malicious HTTP requests to the targeted device. Once the target system has been successfully exploited, the attacker can obtain the token-id of an authenticated u...