Cisco IOS and IOS XE AAA Authorization Bypass Vulnerability (Bug ID CSCtr91106)

Cisco IOS and IOS XE AAA Authorization Bypass Vulnerability (Bug ID CSCtr91106)

CVE-2012-0384 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106.

Learn more about our Cis Benchmark Audit For Apple Ios.