vulnerability context

CVE-2017-12229

CVSS 9.8 CRITICALEPSS 91%CWE-287

A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious API request to an affected device. A successful exploit could allow the attacker to bypass authentication and gain access to the web UI of the affected software. This vulnerability affects Cisco d...

Published 2017-09-29 · last modified 2026-06-17

details

CISA KEV status: Not in catalog
CVSS v3: 9.8 / CRITICAL
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 91% percentile (score 0.0512)
CWE: CWE-287
OTX pulses: 0 total, 0 recent

View on NVD → · cve.org

source mentions 1

[CyberHub] 📌 CVE-2017-12229 - A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 thro...Bluesky:@cyberhub.blog · 1d ago

source consensus

Bluesky:@cyberhub.blog1×

Want the 3-bullet summary of CVE-2017-12229, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →