Yet another hole in the web interface
"An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication"
Yet another hole in the web interface. Why didn't Cisco pick this up at the code review and vulnerability stage. They did test it for such vulnerabilities at the design stage .. agile, devOps waterfall etc ..