Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Cisco IOS local privilege escalation SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cisco IOS local privilege escalation
Cisco released earlier a vulnerability note detailing a problem within some Cisco IOS versions that bypasses the command authorization offered by AAA services such as TACACS+. The bypass uses tclsh.

Why a router would need tclsh is a mystery to this handler.

Swa Frantzen


760 Posts
Jan 25th 2006

Sign Up for Free or Log In to start participating in the conversation!