SecurityTracker.com
Category:   Device (Firewall)  >   Cisco PIX Firewall
Vendors:   Cisco
Cisco PIX Firewall May Change Certain Passwords
SecurityTracker Alert ID:  1016740
SecurityTracker URL:  http://securitytracker.com/id/1016740
CVE Reference:   CVE-2006-4312
Updated:  Aug 24 2006
Original Entry Date:  Aug 23 2006
Impact:   Modification of authentication information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 7.0 - 7.0(5), 7.1 - 7.1(2.4)
Description:   A vulnerability was reported in Cisco PIX Firewall. Certain passwords may be inadvertently changed by the system.

The software contains a flaw that may cause passwords stored in the startup configuration to be changed without user interaction. The EXEC password, passwords of locally defined users, and the enable password are affected.

The flaw may be triggered by a software crash or when two or more users are making concurrent configuration changes on the target device.

The passwords are changed to a non-random value due to the nature of the coding error that causes this behavior.

Versions prior to 7.x and version 7.2(1) and later are not affected.

Cisco has assigned Cisco Bug ID CSCse02703 to this vulnerability.

Cisco credits Terje Bless from Helse Nord IKT with reporting this vulnerability.

Impact:   The system may change certain passwords without user interaction.
Solution:   Cisco has issued the following fixed versions: 7.0(5.1), 7.1(2.5) (and later releases).

The Cisco advisory is available at:

http://www.cisco.com/warp/public/707/cisco-sa-20060823-firewall.shtml
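
To triage a device inventory against the affected and fixed versions listed above, the following added example (not part of the original advisory or Cisco's tooling) parses version strings in the forms this page uses and flags releases older than the fixed build in each affected train. The host names and inventory are constructed, and the parser deliberately rejects any version format not shown on this page.

```python
import re

# First fixed release per affected train, transcribed from the advisory above.
FIXED = {(7, 0): (5, 1), (7, 1): (2, 5)}

# Accepts 'M.m', 'M.m(x)' and 'M.m(x.y)', the forms used on this page.
_VER = re.compile(r"^\s*(\d+)\.(\d+)(?:\((\d+)(?:\.(\d+))?\))?\s*$")


def parse_version(text):
    """Return ((major, minor), (maintenance, interim)); missing parts are 0."""
    m = _VER.match(text)
    if not m:
        raise ValueError(f"unrecognised PIX version string: {text!r}")
    major, minor, maint, interim = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (maint, interim)


def is_affected(text):
    """True if the release is in an affected train and older than its fix."""
    train, build = parse_version(text)
    fixed = FIXED.get(train)
    # Trains not listed (pre-7.x, 7.2(1) and later) are not affected.
    return fixed is not None and build < fixed


def triage(inventory):
    """Map host -> 'affected' or 'unparsed'; unaffected hosts are omitted."""
    findings = {}
    for host, version in inventory.items():
        try:
            if is_affected(version):
                findings[host] = "affected"
        except ValueError:
            # Fail closed: a version we cannot read needs a manual check.
            findings[host] = "unparsed"
    return findings


# Constructed inventory for illustration only.
INVENTORY = {
    "fw-edge-1": "7.0(4)",
    "fw-edge-2": "7.0(5.1)",
    "fw-dmz-1": "7.1(2.4)",
    "fw-lab-1": "7.2(1)",
    "fw-old-1": "6.3(5)",
    "fw-odd-1": "n/a",
}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status} ({INVENTORY[host]})")
```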

Vendor URL:  www.cisco.com/warp/public/707/cisco-sa-20060823-firewall.shtml
Cause:   State error

Message History:   None.


Copyright 2020, SecurityGlobal.net LLC