Cisco released a security update for critical Authentication Bypass vulnerability that resides in the Cisco REST API virtual service container for Cisco IOS XE Software allows a remote attacker to bypass the authentication in managed Cisco devices. An attacker could exploit the vulnerability by sending malicious HTTP requests to the targeted device. The vulnerability affects Cisco ARS 1000 series routers and Catalyst switches such as 3850 that operate in enterprise wired and wireless access, aggregation, core, core and WAN. The vulnerability was caused by an improper check performed by the area of code that manages the REST API authentication service.”]
Source: https://gbhackers.com/authentication-bypass-vulnerability/