A critical remote authentication-bypass vulnerability with the highest possible severity level of 10 out of 10 on the CvSS scale has been found in the Cisco REST API virtual service container for Cisco IOS XE Software. If exploited, it could allow an unauthenticated, remote attacker to bypass authentication on a managed Cisco device, and gain full control of it. Code-execution and other attacks are possible. The vulnerability is due to an improper check performed by an area of code that manages the REST API authentication service.
Source: https://threatpost.com/critical-cisco-bug-remote-takeover-routers/147826/