Vigil@nce - Cisco IOS, IOS XE: read-write access via HTTP Client
November 2019 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
Impacted products: Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Cisco Router.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 26/09/2019.
DESCRIPTION OF THE VULNERABILITY
An attacker can bypass access restrictions via HTTP Client of Cisco IOS ou IOS XE, in order to read or alter data.
ACCESS TO THE FULL VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Cisco-IOS-IOS-XE-read-write-access-via-HTTP-Client-30423