TCL Shell (tclsh) Arbitrary Command Execution

high Nessus Plugin ID 35308

Synopsis

Arbitrary commands can be run on this host.

Description

A TCL shell (tclsh) is running on this port, and it allows unauthenticated users to run arbitrary commands on the machine.

Solution

Check that the system has not been compromised and reinstall if necessary.

If using a product from Computer Associates, apply the appropriate patch referenced in the vendor's advisory (see See Also below). Otherwise, disable the service or restrict access to it.

See Also

http://www.nessus.org/u?513b6d4d

https://www.securityfocus.com/archive/1/499857/30/0/threaded

Plugin Details

Severity: High

ID: 35308

File Name: tclsh.nasl

Version: 1.14

Type: remote

Published: 1/8/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

Excluded KB Items: global_settings/disable_service_discovery

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2009-0043

BID: 33161

CWE: 264