Cisco Security Notice: Response to AAA Command Authorization By-Pass
A vulnerability exists within Cisco Internetwork Operating System (IOS) Authentication, Authorization, and Accounting (AAA) command authorization feature, where command authorization checks are not performed on commands executed from the Tool Command Language (Tcl) exec shell. This may allow authenticated users to bypass command authorization checks in some configurations resulting in unauthorized privilege escalation.
Devices not running AAA command authorization feature, or do not support Tcl functionality are not affected by this vulnerability.
posted by Fergie @ 1/25/2006 03:29:00 PM
0 Comments:
Post a Comment
<< Home