Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tac_plus.cfg configuration file. These are executed when a client sends an authorization request with a username that has pre-authorization directives configured. However, it is possible to inject additional commands into these checks because strings from TACACS+ packets are used as command-line arguments. If the installation lacks a a pre-shared secret (there is no pre-shared secret by default), then the injection can be triggered without authentication. (The attacker needs to know a username configured to use a pre-authorization command.) NOTE: this is related to CVE-2023-45239 but the issue is in the original Shrubbery product, not Meta's fork.
History

Thu, 13 Feb 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Shrubbery
Shrubbery tac Plus 2x
Shrubbery tac Plus 3x
Shrubbery tac Plus 4x
CPEs cpe:2.3:a:shrubbery:tac_plus_2x:*:*:*:*:*:*:*:*
cpe:2.3:a:shrubbery:tac_plus_3x:*:*:*:*:*:*:*:*
cpe:2.3:a:shrubbery:tac_plus_4x:*:*:*:*:*:*:*:*
Vendors & Products Shrubbery
Shrubbery tac Plus 2x
Shrubbery tac Plus 3x
Shrubbery tac Plus 4x
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 20 Aug 2024 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-05-16T16:14:01.041Z

Updated: 2025-02-13T15:46:57.167Z

Reserved: 2023-11-17T00:00:00.000Z

Link: CVE-2023-48643

cve-icon Vulnrichment

Updated: 2024-08-02T21:37:54.509Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-16T16:15:08.437

Modified: 2024-11-21T08:32:10.197

Link: CVE-2023-48643

cve-icon Redhat

No data.