CVE-2023-45239

Summary

A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server.

Affected Software

VendorProductVersion RangeStatus
Metatac_plus0 < 4fdf178affected

Weaknesses

  • CWE-790: Improper Filtering of Special Elements

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References