N/A

Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106.

N/A

N/A

Cisco IOS授权安全限制绕过漏洞

Cisco IOS是美国思科（Cisco）公司为其网络设备开发的操作系统。 Cisco IOS软件使用AAA授权时在远程应用或设备权限级别的实现上存在安全漏洞。远程未验证攻击者可绕过命令授权，允许远程已验证的HTTP或HTTPS会话执行其授权级别上配置的所有Cisco IOS命令。该漏洞需要在设备上启用HTTP或HTTPS服务器。成功利用需要有效的用户名和密码。

N/A

N/A