Executive Risk Summary
"A vulnerability in the Cisco IOS AAA authorization component allows remote authenticated users to bypass intended access restrictions and execute commands via HTTP or HTTPS sessions. This vulnerability affects various Cisco IOS versions, including 12.2 through 12.4 and 15.0 through 15.2, as well as IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S."
Anticipated Attack Path
- Step 1: Authenticate to the Cisco IOS device
- Step 2: Establish an HTTP or HTTPS session
- Step 3: Execute commands bypassing access restrictions
Am I Vulnerable?
- Verify Cisco IOS version and patch level
- Check AAA authorization configuration
- Monitor for suspicious command execution
Operational Audit Arsenal
Target Type: Process
Target Asset: iosd
Standard Path: /usr/bin
Manual Verification Required
This is a non-Windows asset (Cisco). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.
Patch Impact Forecast
Reboot Required: Likely
Network connectivity may be interrupted during the patching process
Internal Work Notes
Apply Cisco IOS patch to address AAA authorization vulnerability (CSCtr91106) and prevent remote command execution
Intelligence Sources
Official Advisory: http://osvdb.org/80704
Official Advisory: http://secunia.com/advisories/48614
Official Advisory: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-pai
Official Advisory: http://www.securityfocus.com/bid/52755
Official Advisory: http://www.securitytracker.com/id?1026860
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.