CVE-2006-0485 — Cisco IOS vulnerability

3 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 66.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS

Timeline

PublishedFeb 1

Latest updateMay 1

Description

The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allow local users to execute IOS EXEC commands that were prohibited via the AAA configuration, aka Bug ID CSCeh73049.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDcisco/ios130 versions+129

🔴Vulnerability Details

GHSA

GHSA-4r9c-wgm4-c72m: The TCL shell in Cisco IOS 12↗2022-05-01

▶

CVEList

CVE-2006-0485: The TCL shell in Cisco IOS 12↗2006-02-01

▶