Version Details
Rev: 2 • Jan 28, 2022, 12:00 PMET EXPLOIT Possible Cisco REST API Container for Cisco IOS XE Software Authentication Bypass Attempt (CVE-2019-12643)
alert http any any -> [$HOME_NET,$HTTP_SERVERS] 55443 (msg:"ET EXPLOIT Possible Cisco REST API Container for Cisco IOS XE Software Authentication Bypass Attempt (CVE-2019-12643)"; flow:established,to_server; flowbits:set,ET.Cisco_ABypass; http.request_line; content:"GET /api/v1/auth/token-services/debug HTTP/1.1"; nocase; fast_pattern; http.accept; content:"application/json"; bsize:16; reference:cve,2019-12643; classtype:attempted-admin; sid:2035010; rev:2; metadata:attack_target Server, created_at 2022_01_28, cve CVE_2019_12643, deployment Perimeter, deployment Internal, signature_severity Major, tag Exploit, updated_at 2022_01_28;)
Jan 28, 2022, 12:00 PM
Jan 28, 2022, 12:00 PM
Jan 28, 2022, 12:00 PM
May 31, 2024, 9:00 PM
May 30, 2025, 5:56 PM