ID CVE-2006-0486
Summary Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770.
References
Vulnerable Configurations
  • Cisco IOS 12.2(25)S
    cpe:2.3:o:cisco:ios:12.2%2825%29s
  • Cisco IOS 12.3T
    cpe:2.3:o:cisco:ios:12.3t
  • Cisco IOS 12.4
    cpe:2.3:o:cisco:ios:12.4
CVSS
Base: 4.6 (as of 01-02-2006 - 08:50)
Impact:
Exploitability:
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
NASL family CISCO
NASL id CSCEH73049.NASL
description The remote host is a CISCO router containing a version of IOS that is vulnerable to a remote AAA command authorization bypass attack. The remote version of IOS does not enforce AAA command authorization checks for commands entered in the TCL shell. An attacker with shell access on the remote router could gain elevated privileges on the remote device.
last seen 2019-02-21
modified 2018-06-27
plugin id 20808
published 2006-01-25
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=20808
title Cisco IOS TCLSH AAA Command Authorization Bypass (CSCeh73049)
oval via4
accepted 2009-12-14T04:00:04.606-05:00
class vulnerability
contributors
  • name Yuzheng Zhou
    organization Hewlett-Packard
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
description Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770.
family ios
id oval:org.mitre.oval:def:4905
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title Cisco IOS AAA Command Authorization Bypass via TCL Shell Reuse Vulnerability
version 4
refmap via4
cisco 20060125 Response to AAA Command Authorization by-pass
osvdb 22723
sectrack 1015543
secunia 18613
xf cisco-aaa-tcl-auth-bypass(24308)
Last major update 04-03-2009 - 00:45
Published 31-01-2006 - 21:02
Last modified 10-10-2017 - 21:30