CVE-2012-0384

Sažetak

Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106.

Reference

http://osvdb.org/80704
http://secunia.com/advisories/48614
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-pai
http://www.securityfocus.com/bid/52755
http://www.securitytracker.com/id?1026860

CVSS

Base:	8.5
Impact:	10.0
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

27-09-2019 - 18:06

Objavljeno

29-03-2012 - 11:01