CVE-2008-7232

xtacacsd <4.1.2 - RCE

Title source: llm
STIX 2.1

Description

Buffer overflow in the report function in xtacacsd 4.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted CONNECT TACACS command.

Exploits (2)

exploitdb WORKING POC VERIFIED
by MC · rubyremotebsd
https://www.exploit-db.com/exploits/10035
metasploit WORKING POC NORMAL
rubypocbsd
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/freebsd/tacacs/xtacacsd_report.rb

References (3)

Scores

EPSS 0.5998
EPSS Percentile 98.3%

Details

CWE
CWE-119
Status published
Products (11)
netplex-tech/xtacacsd 2.0
netplex-tech/xtacacsd 3.0
netplex-tech/xtacacsd 3.1
netplex-tech/xtacacsd 3.2
netplex-tech/xtacacsd 3.3
netplex-tech/xtacacsd 3.4
netplex-tech/xtacacsd 3.5
netplex-tech/xtacacsd 4.0
netplex-tech/xtacacsd 4.1
netplex-tech/xtacacsd 4.1.1
... and 1 more
Published Sep 14, 2009
Tracked Since Feb 18, 2026