VDB
CVE-2012-0384
CVE-2012-0384
PUBLISHED
CVSS 7.199999809265137 HIGH
Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106.
EPSS 0.44% · 63.8th percentile
Risk Scores
CVSS 3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.44%
63.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | ios_xe | 2.6.1, 2.6.2, 3.1.0s |
| cisco | ios | 12.2\(2\)xb15, 12.2\(2\)xc1, 12.2\(2\)xf |
| n/a | n/a | n/a |
Exploit Intelligence
- 80704 (circl)
- 20120328 Cisco IOS Software Command Authorization Bypass (circl)
- 1026860 (circl)
- 48614 (circl)
- 52755 (circl)
Timeline
- Mar 28, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- 80704 vdb
- 20120328 Cisco IOS Software Command Authorization Bypass vendor-advisory
- 1026860 vdb
- 48614 third-party-advisory
- 52755 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2012-0384 advisory