Cisco Systems has patched a hole in it main operating switch and router operating system which could allow users...
to get access to network privileges above their authorisation.
In addition, Cisco has patched against a known hole in some of its virtual private networking systems, which could allow remote attackers to cause a denial of service attack.
The authorisation problems occur in Cisco’s main Internetwork Operating System (IOS), which is used in most of Cisco’s switches and routers.
The company has issued a patch to prevent users employing the Tcl (Tool Command Language) exec shell to get around the Authentication, Authorization and Accounting (AAA) command authorisation feature in kit.
A user employing the Tcl exec shell could use that access to execute commands above their privilege level.
In addition, if Tcl users terminate their sessions without leaving the Tcl Shell mode (by using the tclquit command), that shell process remains active, and allows other authenticated users to also bypass the AAA command authorisation checking.
The vulnerability affects all Cisco products running Cisco IOS Version 12.0T or later. To take advantage of the flaw, support for the Tcl functionality has to be enabled on the kit, and the AAA command authorisation feature has to be enabled too.
In addition, Cisco has issued a patch on a previously reported denial of service threat, which affects Cisco VPN 3000 series kit running software 4.7.0 to 4.7.2.A.
If unpatched, a denial of service could be created by sending a malicious HTTP packet to the VPN kit, causing it to continue to re-load, resulting in crashed networks.