Digital Common Sense

1/27/2006

Cisco IOS TCLSH AAA command authorization bypass vulnerability

January 25, FrSIRT â€” Cisco IOS TCLSH AAA command authorization bypass vulnerability. A vulnerability has been identified in Cisco IOS, which could be exploited by malicious users to bypass security restrictions and obtain elevated privileges. This issue is due to an error in the Authentication, Authorization, and Accounting (AAA) command authorization feature that does not properly perform authorization checks on commands executed from the Tool Command Language (Tcl) exec shell, which could be exploited by authenticated users to bypass command authorization checks resulting in unauthorized privilege escalation.

Solution: Apply fixes
Source: http://www.frsirt.com/english/advisories/2006/0337

Cisco, IOS, Infosec

Filed by Ken at 6:54 pm under InfoSec

Comments are closed.

Ken

Ken Camp - Contact Info

ken@ipadventures.com

Voice (Anywhere): (360)545-4050

Voice (Mobile): (360)464-7713

kencamp@gmail.com

Other Places I Blog

Stardust Global Ventures

Professional Affiliations

Consultant Registry
Round Table Group
Hill Associates
InfraGard

Site Navigation

Internal Pages

Online Reference Documents

	Internet Key Exchange
	Best Current Practices in Security is a compilation of information from a variety of sources
	A timeline comparison of the Internet vs. Rock & Roll
	A paper on the Implications of HIPAA on the telecommunications industry
	VoIP Glossary
	VoIP Primer