Category:   Device (Router/Bridge/Hub)  >   Cisco IOS
Vendors:   Cisco
Cisco IOS AAA Command Authorization Feature May Let Remote Authenticated Users Gain Elevated Privileges
SecurityTracker Alert ID:  1015543
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 25 2006
Impact:   User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 12.0T and later
Description:   A vulnerability was reported in Cisco IOS in the Authentication, Authorization, and Accounting (AAA) command authorization feature. A remote authenticated user may be able to gain elevated privileges.

Commands executed from the Tool Command Language (Tcl) exec shell are not properly validated. A remote authenticated user may be able to bypass command authorization checks in some configurations to execute any IOS EXEC command at the user's authenticated privilege level.

Devices that run the AAA command authorization feature and support the Tcl functionality may be affected.

Cisco has assigned Bug ID CSCeh73049 to this vulnerability.
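
To see whether a device relies on the AAA command authorization feature described above, the following added example (not part of the advisory and not Cisco code) audits a saved running configuration and reports, per `line vty` block, the privilege levels whose commands are subject to authorization. The sample configuration, the method-list name OPS and the function names are constructed for illustration; the check does not determine Tcl support or the software version, which have to be compared against the vendor's advisory.

```python
import re

# Constructed sample of `show running-config` output; the list name OPS is made up.
SAMPLE_CONFIG = """\
aaa new-model
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 OPS group tacacs+ local
!
line con 0
line vty 0 4
 authorization commands 15 OPS
line vty 5 15
 transport input ssh
"""

GLOBAL_RE = re.compile(r"^aaa authorization commands (\d+) (\S+)\s+\S")
LINE_RE = re.compile(r"^\s+authorization commands (\d+) (\S+)\s*$")


def vty_command_authorization(config):
    """Map each `line vty` block to the privilege levels whose EXEC commands
    are subject to AAA command authorization on that line."""
    defined = set()   # (level, method-list name) pairs defined globally
    applied = {}      # vty block -> {level: named list applied on that line}
    current = None
    for raw in config.splitlines():
        if not raw.startswith(" "):   # a top-level statement ends any line block
            current = raw.strip() if raw.startswith("line vty") else None
            if current:
                applied[current] = {}
            m = GLOBAL_RE.match(raw)
            if m:
                defined.add((int(m.group(1)), m.group(2)))
        elif current and (m := LINE_RE.match(raw)):
            applied[current][int(m.group(1))] = m.group(2)
    # `default` covers every line unless the line names another list for that
    # level; a named list counts only on the lines where it is applied.
    return {block: sorted(lvl for lvl, name in defined
                          if named.get(lvl, "default") == name)
            for block, named in applied.items()}


def relies_on_command_authorization(config):
    """True if any vty line depends on the feature the advisory describes."""
    return any(vty_command_authorization(config).values())
```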

The system may also allow a remote authenticated user to enter Tcl Shell mode automatically if a previous user was in Tcl Shell mode and terminated the session before leaving the Tcl Shell mode. The previous Tcl Shell process will remain active and attached to the corresponding virtual type terminal (VTY) or teletypewriter (TTY) line. As a result, the remote authenticated user may be able to execute commands with the privileges of the previous user.

Cisco has assigned Bug ID CSCef77770 to this vulnerability. Only 12.3T, 12.4, and 12.2(25)S and onward trains are affected by this second issue.

The vendor credits Nicolas Fischbach of COLT Telecom with reporting this vulnerability.

Impact:   A remote authenticated user may be able to gain elevated privileges.
Solution:   The vendor has issued a fix. A patch matrix is available in the vendor's advisory at:

Vendor URL: (Links to External Site)
Cause:   Access control error, Input validation error, State error

Message History:   None.
