Category:   Device (Firewall)  >   Cisco Firewall Services Module
Vendors:   Cisco
Cisco Firewall Services Module May Change Certain Passwords
SecurityTracker Alert ID:  1016738
SecurityTracker URL:
CVE Reference:   CVE-2006-4312
Updated:  Aug 24 2006
Original Entry Date:  Aug 23 2006
Impact:   Modification of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.1 - 3.1(1.6)
Description:   A vulnerability was reported in Cisco Firewall Services Module for the Cisco Catalyst 6500 switches and Cisco 7600 Series routers. Certain passwords may be inadvertently changed by the system.

The software contains a flaw that may cause passwords stored in the startup configuration to be changed without user interaction. The EXEC password, passwords of locally defined users, and the enable password are affected.

The flaw may be triggered by a software crash or when two or more users are making concurrent configuration changes on the target device.

The passwords are changed to a non-random value due to the nature of the coding error that causes this behavior.

Versions 1.x and 2.x and version 3.1(2) and later are not affected.

Cisco has assigned Cisco Bug ID CSCsd81487 to this vulnerability.

Cisco credits Terje Bless from Helse Nord IKT with reporting this vulnerability.

Impact:   The system may change certain passwords without user interaction.
Solution:   Cisco has issued a fixed version (3.1(2) and later), available at:

The Cisco advisory is available at:

Vendor URL:
Cause:   State error
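
Because the change happens without user interaction, one way to notice it is to compare the credential lines of the startup configuration against a baseline copy kept off the device. The following is an added example, not part of the advisory or of Cisco's tooling; it assumes PIX/FWSM-style `enable password`, `passwd` and `username ... password` lines, and the function names and sample configurations are constructed for illustration.

```python
import re

# Credential-bearing commands in PIX/FWSM-style configuration text (assumed
# syntax). The three kinds mirror the advisory: enable, EXEC, local users.
PATTERNS = {
    "enable": re.compile(r"^enable password (\S+)"),
    "exec": re.compile(r"^passwd (\S+)"),
    "user": re.compile(r"^username (\S+) password (\S+)"),
}

def credential_lines(config_text):
    """Map each credential (e.g. 'user:alice') to its stored password field."""
    found = {}
    for line in config_text.splitlines():
        line = line.strip()
        for kind, pat in PATTERNS.items():
            m = pat.match(line)
            if not m:
                continue
            if kind == "user":
                found["user:" + m.group(1)] = m.group(2)
            else:
                found[kind] = m.group(1)
    return found

def password_drift(baseline_text, current_text):
    """Return sorted (credential, status) pairs that differ from the baseline."""
    old, new = credential_lines(baseline_text), credential_lines(current_text)
    drift = []
    for key in sorted(set(old) | set(new)):
        if key not in new:
            drift.append((key, "removed"))
        elif key not in old:
            drift.append((key, "added"))
        elif old[key] != new[key]:
            drift.append((key, "changed"))
    return drift

# Constructed sample configs; the hash strings are placeholders, not real values.
BASELINE = """\
enable password AAAAAAAAAAAAAAAA encrypted
passwd BBBBBBBBBBBBBBBB encrypted
username alice password CCCCCCCCCCCCCCCC encrypted privilege 15
username bob password DDDDDDDDDDDDDDDD encrypted privilege 5
"""
CURRENT = BASELINE.replace("AAAAAAAAAAAAAAAA", "ZZZZZZZZZZZZZZZZ").replace(
    "CCCCCCCCCCCCCCCC", "ZZZZZZZZZZZZZZZZ")

if __name__ == "__main__":
    for cred, status in password_drift(BASELINE, CURRENT):
        print(cred, status)
```

Any drift reported outside a recorded change window on a device running an affected version is worth investigating before the next reload.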

Message History:   None.
