This short technical briefing describes a technique using Tcl to create a backdoor within IOS that would allow a remote attacker to execute privileged commands on a networking device.
You can download it from the following link: https://packetstormsecurity.com/files/download/61301/Creating_Backdoors_in_Cisco_IOS_using_Tcl.pdf
Source: https://packetstormsecurity.com/files/61301/Creating_Backdoors_in_Cisco_IOS_using_Tcl.pdf.html