CVE-2006-0485

Sažetak

The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allow local users to execute IOS EXEC commands that were prohibited via the AAA configuration, aka Bug ID CSCeh73049.

Reference

http://secunia.com/advisories/18613
http://securitytracker.com/id?1015543
http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml
http://www.osvdb.org/34892
http://www.securityfocus.com/bid/16383
http://www.vupen.com/english/advisories/2006/0337
https://exchange.xforce.ibmcloud.com/vulnerabilities/24308
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5836

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-10-2017 - 01:30

Objavljeno

01-02-2006 - 02:02