CVE-2006-0486

Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/18613
http://securitytracker.com/id?1015543
http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml	Vendor Advisory
http://www.osvdb.org/22723
https://exchange.xforce.ibmcloud.com/vulnerabilities/24308
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4905

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:ios:12.2\(25\)s:::::::*
	cpe:2.3:o:cisco:ios:12.3t:::::::*
	cpe:2.3:o:cisco:ios:12.4:::::::*

History

No history.

Information

Published : 2006-02-01 02:02

Updated : 2023-12-10 10:28

NVD link : CVE-2006-0486

Mitre link : CVE-2006-0486

CVE.ORG link : CVE-2006-0486

JSON object : View

Products Affected

cisco

ios

CWE

NVD-CWE-Other

{"id": "CVE-2006-0486", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-02-01T02:02:00.000", "references": [{"url": "http://secunia.com/advisories/18613", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015543", "source": "cve@mitre.org"}, {"url": "http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/22723", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24308", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4905", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770."}], "lastModified": "2017-10-11T01:30:37.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:12.2\\(25\\)s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA143186-1E3B-4B5F-A5FD-AE90A2664AFA"}, {"criteria": "cpe:2.3:o:cisco:ios:12.3t:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0C3B413-76F7-413B-A51F-29834F9DE722"}, {"criteria": "cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D4D8C72-E7BB-40BF-9AE5-622794D63E09"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}