Published: 01/02/2006 Updated: 11/10/2017
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The TCL shell in Cisco IOS 12.2(14)S prior to 12.2(14)S16, 12.2(18)S prior to 12.2(18)S11, and certain other releases prior to 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allow local users to execute IOS EXEC commands that were prohibited via the AAA configuration, aka Bug ID CSCeh73049.

Affected Products

Vendor Product Versions
CiscoIos12.0t, 12.0xh, 12.0xk, 12.0xl, 12.0xn, 12.0xr, 12.1, 12.1aa, 12.1e, 12.1ec, 12.1ez, 12.1ga, 12.1gb, 12.1t, 12.1xa, 12.1xe, 12.1xh, 12.1xi, 12.1xj, 12.1xl, 12.1xm, 12.1xp, 12.1xq, 12.1xs, 12.1xt, 12.1xu, 12.1xv, 12.1xw, 12.1xy, 12.1xz, 12.1ya, 12.1yb, 12.1yd, 12.1ye, 12.1yf, 12.1yh, 12.1yi, 12.2, 12.2b, 12.2bw, 12.2by, 12.2dd, 12.2dx, 12.2mx, 12.2n, 12.2s, 12.2su, 12.2sw, 12.2sxb, 12.2sxd, 12.2sxe, 12.2sz, 12.2xa, 12.2xb, 12.2xc, 12.2xd, 12.2xg, 12.2xh, 12.2xj, 12.2xk, 12.2xl, 12.2xm, 12.2xq, 12.2xs, 12.2xt, 12.2xu, 12.2xv, 12.2xw, 12.2yb, 12.2yc, 12.2yd, 12.2ye, 12.2yh, 12.2yk, 12.2yl, 12.2ym, 12.2yn, 12.2yt, 12.2yu, 12.2yw, 12.2yx, 12.2yy, 12.2yz, 12.2zb, 12.2zc, 12.2zd, 12.2ze, 12.2zf, 12.2zh, 12.2zj, 12.2zl, 12.2zn, 12.2zp, 12.3, 12.3(11)yk2, 12.3(11)yl, 12.3b, 12.3t, 12.3xa, 12.3xb, 12.3xd, 12.3xe, 12.3xf, 12.3xg, 12.3xh, 12.3xi, 12.3xj, 12.3xk, 12.3xm, 12.3xq, 12.3xr, 12.3xw, 12.3xy, 12.3ya, 12.3yb, 12.3yf, 12.3yg, 12.3yh, 12.3yi, 12.3yj, 12.3yk, 12.3ym, 12.3yq, 12.3ys, 12.3yt, 12.3yu, 12.3yx, 12.4, 12.4mr, 12.4t