N/A

The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allow local users to execute IOS EXEC commands that were prohibited via the AAA configuration, aka Bug ID CSCeh73049.

N/A

N/A

Cisco IOS TCLSH AAA绕过命令执行认证漏洞

Cisco Internet Operating System(IOS)是一款使用于CISCO路由器上的操作系统。 Cisco IOS AAA服务命令执行的认证实现上存在漏洞，远程已登录到设备的攻击者可能利用此漏洞绕过命令执行认证以高权限执行任意命令。Cisco IOS AAA服务没有对通过TCL Shell执行的命令做认证，在某些配置情况下一个已登录的用户可以通过TCL Shell无须认证执行任意命令，从而导致权限提升。不具备AAA服务功能及不支持TCL的设备不受此漏洞影响。

N/A

N/A