4 matches found
CVE-2023-48643
Shrubbery tacplus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tacplus.cfg configuration file. These are executed when a client sends an authorization request with a...
CVE-2023-48643
Shrubbery tacplus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tacplus.cfg configuration file. These are executed when a client sends an authorization request with a...
CVE-2023-48643
CVE-2023-48643 affects Shrubbery tac_plus 2.x, 3.x, and 4.x up to F4.0.4.28. The issue arises when pre-auth or post-auth checks are configured as shell commands in tac_plus.cfg; strings from TACACS+ packets are used as command arguments, allowing injection that leads to unauthenticated remote com...
PT-2024-13615 · Shrubbery · Tac Plus
Name of the Vulnerable Software and Affected Versions: Shrubbery tac plus versions 2.x through 4.x and versions up to F4.0.4.28 Description: The issue allows unauthenticated Remote Command Execution. It is caused by the product's ability to configure authorization checks as shell commands through...