CVE-2006-0485

high

Description

The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allow local users to execute IOS EXEC commands that were prohibited via the AAA configuration, aka Bug ID CSCeh73049.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5836

https://exchange.xforce.ibmcloud.com/vulnerabilities/24308

http://www.vupen.com/english/advisories/2006/0337

http://www.securityfocus.com/bid/16383

http://www.osvdb.org/34892

http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml

http://securitytracker.com/id?1015543

http://secunia.com/advisories/18613

Details

Source: Mitre, NVD

Published: 2006-02-01

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High