Cisco IOS XE Software includes a web server that provides a web-based interface for configuration and monitoring of the device. This web server is accessible over the network by users of an affected device who are authenticated by a RADIUS server. In order to exploit this vulnerability, an attacker would have to have access to an authenticated network in which to launch the attack. Access controls such as authentication and authorization would have to be bypassed in order for an attacker to exploit this vulnerability. Cisco IOS XE Software includes web server features that allow users to view and modify the device’s configuration. These features are accessible over the network by users who are authenticated by a RADIUS server. An attacker would need to have access to an authenticated network in order to exploit this vulnerability. Access controls such as authentication and authorization would have to be bypassed in order for an attacker to exploit this vulnerability. Cisco IOS XE Software includes a web server that provides a web-based interface for configuration and monitoring of the device. This web server is accessible over the network by users of an affected device who are authenticated by a RADIUS server. In order to exploit this vulnerability, an attacker would have to have access to an authenticated network in which to launch the attack
How Does the Cisco IOS XE Software Web Server Vulnerability Help?
An attacker could exploit this vulnerability by uploading a malicious configuration file to the web server. If successful, the file would be executed and cause significant collateral effects that may result in a denial of service (DoS) condition.
Overview of the vulnerability
In order to exploit this vulnerability, an attacker would have to have access to an authenticated network in which to launch the attack. Access controls such as authentication and authorization would have to be bypassed in order for an attacker to exploit this vulnerability. Additionally, Cisco IOS XE Software includes web server features that allow users to view and modify the device’s configuration. These features are accessible over the network by users who are authenticated by a RADIUS server. An attacker would need to have access to an authenticated network in order to exploit this vulnerability. This vulnerability is related to CVE-2019-20693
Affected Software
Cisco IOS XE Software is affected by this vulnerability.
Vulnerable Packet Tracer
The vulnerability is an authentication bypass vulnerability, which would allow an attacker to gain unauthorized access to the vulnerable device. The vulnerability affects all software versions of Cisco IOS XE.
Vulnerable Packet Tracer
Timeline
Published on: 04/15/2022 15:15:00 UTC
Last modified on: 04/25/2022 18:42:00 UTC