CVE-2012-0384
HIGHCisco IOS 12.2-15.2 & IOS XE 2.1.x-3.5.1S Authenticated Privilege Escalation via HTTP/HTTPS
Title source: llmDescription
Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106.
References (5)
Core 5
Core References
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/80704
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-pai
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1026860
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48614
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/52755
Scores
CVSS v3
7.2
EPSS
0.0392
EPSS Percentile
89.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (50)
cisco/ios
12.2
cisco/ios
12.2\(1\)
cisco/ios
12.2\(1\)dx
cisco/ios
12.2\(1\)s
cisco/ios
12.2\(1\)t
cisco/ios
12.2\(1\)xa
cisco/ios
12.2\(1\)xd
cisco/ios
12.2\(1\)xd1
cisco/ios
12.2\(1\)xd3
cisco/ios
12.2\(1\)xd4
... and 40 more
Published
Mar 29, 2012
Tracked Since
Feb 18, 2026