Tcl (Tool Command Language) is a scripting language used extensively in embedded systems, which is easy to use and has some powerful features. The language has been supported by Cisco IOS for some time now and is used, for example, in IOS IVR configuration as well as for automating mundane tasks regularly performed by network administrators. This short technical briefing describes a technique using Tcl to create a backdoor within IOS that would allow a remote attacker to execute privileged commands on a networking device. The document (which includes a proof-of-concept Tcl script) can be downloaded here: http://www.irmplc.com/index.php/153-Embedded-Systems-Security
