A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server.
Metrics
Affected Vendors & Products
References
History
Thu, 19 Sep 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Meta
Meta tac Plus |
|
Weaknesses | CWE-790 | |
CPEs | cpe:2.3:a:meta:tac_plus:*:*:*:*:*:*:*:* | |
Vendors & Products |
Meta
Meta tac Plus |
|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: facebook
Published: 2023-10-06T17:16:16.797Z
Updated: 2024-09-19T16:18:24.876Z
Reserved: 2023-10-05T21:36:59.884Z
Link: CVE-2023-45239
Vulnrichment
Updated: 2024-08-02T20:14:19.824Z
NVD
Status : Modified
Published: 2023-10-06T18:15:12.337
Modified: 2024-11-21T08:26:36.877
Link: CVE-2023-45239
Redhat
No data.