CVE-2023-48643

Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 16/05/2024 Updated: 17/05/2024

Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tac_plus.cfg configuration file. These are executed when a client sends an authorization request with a username that has pre-authorization directives configured. However, it is possible to inject additional commands into these checks because strings from TACACS+ packets are used as command-line arguments. If the installation lacks a a pre-shared secret (there is no pre-shared secret by default), then the injection can be triggered without authentication. (The attacker needs to know a username configured to use a pre-authorization command.) NOTE: this is related to CVE-2023-45239 but the issue is in the original Shrubbery product, not Meta's fork.

tac_plus Pre-Auth Remote Command Execution Vulnerability

tac_plus Pre-Auth Remote Command Execution Vulnerability This repository contains information about a pre-auth remote command execution vulnerability in different open-source implementations of tac_plus The following two forks are affected: Shrubbery Networks tac_plus Facebook tac_plus However, both forks are based on a Cisco dev kit for TACACS+ that was open-sources over 16

https://github.com/takeshixx/tac_plus-pre-auth-rce https://nvd.nist.gov https://github.com/takeshixx/tac_plus-pre-auth-rce

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-48643

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect