Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Cisco IOS local privilege escalation - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cisco IOS local privilege escalation
Cisco released earlier a vulnerability note detailing a problem within some Cisco IOS versions that bypasses the command authorization offered by AAA services such as TACACS+. The bypass uses tclsh.

Why a router would need tclsh is a mystery to this handler.

Swa Frantzen


760 Posts
Jan 25th 2006

Sign Up for Free or Log In to start participating in the conversation!