Cisco issued a security advisory about the IOS XE operating system. The authentication flaw was assigned a severity score of 10 out of 10. The vulnerability is due to an improper check performed by the area of code that manages the REST API authentication service. The way out of this one is to patch. Yes, they did fix the code. Cisco also released a. optional hardened version of XE that will not allow installation or activation of a vulnerable-to-the-flaw container device.”]
Source: https://www.darkreading.com/abtv/cisco-maxes-out-its-cve-severity/a/d-id/753791