Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.6
CVE Id: CVE-2006-0486
Last Modified: 04 Mar 2009 12:45:35
Published: 31 Jan 2006 09:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2006-0486

Summary

Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770.

Vulnerable Systems

Operating System

  • Cisco IOS 12.2(25)s

  • Cisco IOS 12.3t

  • Cisco IOS 12.4


References

CISCO - 20060125 Response to AAA Command Authorization by-pass

XF - cisco-aaa-tcl-auth-bypass(24308)

OSVDB - 22723

SECTRACK - 1015543

SECUNIA - 18613


Last Updated: 27 May 2016 10:41:40