Info

Disclosure

Jan 25, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Cisco IOS contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the Authentication, Authorization, and Accounting (AAA) command authorization feature is enabled and the TCL shell is available. This flaw may lead to a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Authentication Management
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to the latest version available for your equipment, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Cisco Systems, Inc.	IOS	12.0
		12.1
		12.2
		12.3
		12.4

References

Security Tracker: 1015543
Bugtraq ID: 16383
Secunia Advisory ID: 18613
CVE ID: 2006-0485 (see also: NVD)
SCIP VulDB ID: 2014
Related OSVDB ID: 22723
VUPEN Advisory: ADV-2006-0337
Keyword: CSCeh73049,CSCsd28570
Vendor Specific Advisory URL: http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml

Credit

Nicolas Fischbach - COLT Telecom

Direct URL: http://osvdb.org/34892

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Cisco Systems, Inc.

IOS

References

Credit