A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server.
History

Thu, 19 Sep 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Meta
Meta tac Plus
Weaknesses CWE-790
CPEs cpe:2.3:a:meta:tac_plus:*:*:*:*:*:*:*:*
Vendors & Products Meta
Meta tac Plus
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: facebook

Published: 2023-10-06T17:16:16.797Z

Updated: 2024-09-19T16:18:24.876Z

Reserved: 2023-10-05T21:36:59.884Z

Link: CVE-2023-45239

cve-icon Vulnrichment

Updated: 2024-08-02T20:14:19.824Z

cve-icon NVD

Status : Modified

Published: 2023-10-06T18:15:12.337

Modified: 2024-11-21T08:26:36.877

Link: CVE-2023-45239

cve-icon Redhat

No data.