Dashboard Toolbox - VM DASHBOARD BETA: QID 316494 - CISCO IOS XE Software Authentication Bypass Widget

Document created by Felix Jimenez (Employee) on Aug 29, 2019. Last modified by Robert Dell'Immagine on Aug 29, 2019.

Qualys has published a dashboard widget to help organizations visualize their exposure to the new Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability (CVE-2019-12643).

 

This vulnerability could allow a remote attacker to bypass authentication on devices running an outdated version of the Cisco REST API virtual service container. The security issue is tracked as CVE-2019-12643 and has received the maximum severity score of 10 under the CVSS v3 scoring system.

 

Steps for detection and remediation, including a reference to this dashboard widget, are detailed in the Qualys Blog post "Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability – (CVE-2019-12643)".

 

Dashboard Widget

As shown below, the widget shows the number of affected systems detected per day so that you can visually track progress towards remediation of this vulnerability across your organization.

 

You can search for this new QID in AssetView or within the VM Dashboard by using the following QQL query:

 

vulnerabilities.vulnerability.qid:316494
vulnerabilities.vulnerability.cveId:`CVE-2019-12643`

The widget can be imported into the VM Dashboard Beta in your Qualys subscription, and is attached to this document as REST_API_Container_for_IOS_XE_Software_Auth_Bypass_VMwidget.json.zip.

 

Dashboard Widget for Visualizing Cisco Vulnerability CVE-2019-12643

 

NVD Vulnerability Severity Ratings

NVD provides qualitative severity rankings of "Low", "Medium", and "High" for CVSS v2.0 base score ranges in addition to the severity ratings for CVSS v3.0 as they are defined in the CVSS v3.0 specification.

CVSS v3.0 Ratings

| Severity | Base Score Range |
|----------|------------------|
| None     | 0.0              |
| Low      | 0.1-3.9          |
| Medium   | 4.0-6.9          |
| High     | 7.0-8.9          |
| Critical | 9.0-10.0         |

 

How to Enable Trending on the Widgets

Open the desired widget in edit mode and select the Collect trend data checkbox.

 


 

* * * WARNING: Read Before Downloading * * *

At this time, Dashboard and Widget JSON files are not interchangeable between application dashboards, meaning Vulnerability Management Beta Dashboard JSON files may only be used in VM Dashboard and AssetView JSON files may only be used in AssetView. If you make a mistake and import a JSON file from one application into the other, you must contact Qualys Support to have the error corrected in the database for your subscription. 

 

Again, there is no way to reverse this mistake within the UI; it must be done in the database.

 

 
