How to Buy
This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
According to its self-reported version and configuration, the Cisco
IOS software running on the remote device is affected by a security
bypass vulnerability in the Authentication, Authorization, and
Accounting (AAA) feature. An authenticated, remote attacker can
exploit this, via an HTTP or HTTPS session, to bypass access
restrictions and execute any IOS command that is configured for the
authorization level. This vulnerability requires that the HTTP or
HTTPS server is enabled on the Cisco IOS device.
See also :
Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20120328-pai. Alternatively, the HTTP server may be disabled
as a workaround.
Risk factor :
High / CVSS Base Score : 8.5
CVSS Temporal Score : 6.3
Public Exploit Available : false
Nessus Plugin ID: 58570 ()
Bugtraq ID: 52755
CVE ID: CVE-2012-0384
Get Nessus Professional to scan unlimited IPs, run compliance checks & more
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.