Lucene search

K
nvd[email protected]NVD:CVE-2023-48643
HistoryMay 16, 2024 - 4:15 p.m.

CVE-2023-48643

2024-05-1616:15:08
web.nvd.nist.gov
2
shrubbery tac_plus
remote command execution
configuration file
authorization checks
tacacs+ packets
authentication

9.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.4%

Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tac_plus.cfg configuration file. These are executed when a client sends an authorization request with a username that has pre-authorization directives configured. However, it is possible to inject additional commands into these checks because strings from TACACS+ packets are used as command-line arguments. If the installation lacks a a pre-shared secret (there is no pre-shared secret by default), then the injection can be triggered without authentication. (The attacker needs to know a username configured to use a pre-authorization command.) NOTE: this is related to CVE-2023-45239 but the issue is in the original Shrubbery product, not Meta’s fork.

9.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.4%