CVE-2012-0384

high-risk
Published 2012-03-29

Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106.

Do I need to act?

-
0.45% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10 High
NETWORK / LOW complexity

Affected Products (20)

Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios

Affected Vendors

Cisco

References (10)

Broken Link http://osvdb.org/80704
Third Party Advisory http://secunia.com/advisories/48614
Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...
Third Party Advisory http://www.securityfocus.com/bid/52755
Third Party Advisory http://www.securitytracker.com/id?1026860
Broken Link http://osvdb.org/80704
Third Party Advisory http://secunia.com/advisories/48614
Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...
Third Party Advisory http://www.securityfocus.com/bid/52755
Third Party Advisory http://www.securitytracker.com/id?1026860
61
/ 100
high-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 33/34 · Critical