Back to search
CVE-2006-0486
Published: Feb 1, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1015543
vdb-entry
x_refsource_SECTRACK
18613
third-party-advisory
x_refsource_SECUNIA
20060125 Response to AAA Command Authorization by-pass
vendor-advisory
x_refsource_CISCO
oval:org.mitre.oval:def:4905
vdb-entry
signature
x_refsource_OVAL
22723
vdb-entry
x_refsource_OSVDB
cisco-aaa-tcl-auth-bypass(24308)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now