SecurityTracker.com
Category:   Device (Router/Bridge/Hub)  >   Cisco IOS
Vendors:   Cisco
Cisco IOS AAA Command Authorization Feature May Let Remote Authenticated Users Gain Elevated Privileges
SecurityTracker Alert ID:  1015543
SecurityTracker URL:  http://securitytracker.com/id/1015543
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jan 25 2006
Impact:   User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 12.0T and later
Description:   A vulnerability was reported in Cisco IOS in the Authentication, Authorization, and Accounting (AAA) command authorization feature. A remote authenticated user may be able to gain elevated privileges.

Commands executed from the Tool Command Language (Tcl) exec shell are not properly validated. A remote authenticated user may be able to bypass command authorization checks in some configurations to execute any IOS EXEC command at the user's authenticated privilege level.

Devices that run the AAA command authorization feature and support the Tcl functionality may be affected.

Cisco has assigned Bug ID CSCeh73049 to this vulnerability.

The system may also allow a remote authenticated user to enter Tcl Shell mode automatically if a previous user was in Tcl Shell mode and terminated the session before leaving Tcl Shell mode. The previous Tcl Shell process remains active and attached to the corresponding virtual type terminal (VTY) or teletypewriter (TTY) line. As a result, the remote authenticated user may be able to execute commands with the privileges of the previous user.

Cisco has assigned Bug ID CSCef77770 to this vulnerability. Only 12.3T, 12.4, and 12.2(25)S and onward trains are affected by this second issue.

The vendor credits Nicolas Fischbach of COLT Telecom with reporting this vulnerability.

Impact:   A remote authenticated user may be able to gain elevated privileges.
Solution:   The vendor has issued a fix. A patch matrix is available in the vendor's advisory at:

http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml

Vendor URL:  www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml
Cause:   Access control error, Input validation error, State error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Wed, 25 Jan 2006 12:50:41 -0500
Subject:  Cisco Security Notice: Response to AAA Command Authorization by-pass


http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml
 
 


Copyright 2014, SecurityGlobal.net LLC