CVE-2006-0486
Last modified
CVE-2006-0486 is a vulnerability of currently unknown severity. Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770.. EPSS estimates a 0.38% chance of exploitation in the next 30 days.
Description
Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | 12.2\(25\)s |
| Cisco | Ios | 12.3t |
| Cisco | Ios | 12.4 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-0486?
How severe is CVE-2006-0486?
How do I fix CVE-2006-0486?
Are you affected by CVE-2006-0486?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST