3 matches found
CVE-2023-48643
Shrubbery tacplus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tacplus.cfg configuration file. These are executed when a client sends an authorization request with a...
CVE-2023-48643
CVE-2023-48643 affects Shrubbery tac_plus 2.x, 3.x, and 4.x up to F4.0.4.28. The issue arises when pre-auth or post-auth checks are configured as shell commands in tac_plus.cfg; strings from TACACS+ packets are used as command arguments, allowing injection that leads to unauthenticated remote com...
CVE-2023-48643
Shrubbery tacplus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tacplus.cfg configuration file. These are executed when a client sends an authorization request with a...