A critical vulnerability in Cisco REST API virtual service container allows a remote attacker to bypass the authentication on the managed Cisco IOS XE device. This vulnerability affects Cisco devices that are configured to use a vulnerable version of Cisco REST. At the time of publication, this vulnerability affected the following products: Cisco 4000 Series Integrated Services Routers, ASR 1000 Series Aggregation services Routers and Cisco Cloud Services Router 1000V Series. The vulnerability affects those products that use Ciscos Rrest API service container. It also allows a local attacker to gain elevated privileges.”]
Source: https://gbhackers.com/bug-in-rest-api-bypass-cisco-ios-xe/