4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
25.6%
The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allow local users to execute IOS EXEC commands that were prohibited via the AAA configuration, aka Bug ID CSCeh73049.
secunia.com/advisories/18613
securitytracker.com/id?1015543
www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml
www.osvdb.org/34892
www.securityfocus.com/bid/16383
www.vupen.com/english/advisories/2006/0337
exchange.xforce.ibmcloud.com/vulnerabilities/24308
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5836