Vulnerabilities > CVE-2006-0486 - Local Security vulnerability in Cisco IOS 12.2(25)S/12.3T/12.4

047910
CVSS 4.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
cisco
nessus

Summary

Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770.

Vulnerable Configurations

Part Description Count
OS
Cisco
3

Nessus

NASL familyCISCO
NASL idCSCEH73049.NASL
descriptionThe remote host is a CISCO router containing a version of IOS that is vulnerable to a remote AAA command authorization bypass attack. The remote version of IOS does not enforce AAA command authorization checks for commands etnered in the TCL shell. An attacker with a shell access on the remote route could gain elevated privileges on the remote device.
last seen2020-06-01
modified2020-06-02
plugin id20808
published2006-01-25
reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/20808
titleCisco IOS TCLSH AAA Command Authorization Bypass (CSCeh73049)

Oval

accepted2009-12-14T04:00:04.606-05:00
classvulnerability
contributors
  • nameYuzheng Zhou
    organizationHewlett-Packard
  • nameDragos Prisaca
    organizationGideon Technologies, Inc.
  • nameDragos Prisaca
    organizationGideon Technologies, Inc.
descriptionCertain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770.
familyios
idoval:org.mitre.oval:def:4905
statusaccepted
submitted2008-05-26T11:06:36.000-04:00
titleCisco IOS AAA Command Authorization Bypass via TCL Shell Reuse Vulnerability
version4