Executive Summary
Summary | |
---|---|
Title | Unintentional Password Modification Vulnerability in Cisco Firewall Products |
Informations | |||
---|---|---|---|
Name | cisco-sa-20060823-firewall | First vendor Publication | 2006-07-25 |
Vendor | Cisco | Last vendor Modification | 2006-08-23 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.1 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Certain versions of the software for the Cisco PIX 500 Series Security Appliances, the Cisco ASA 5500 Series Adaptive Security Appliances (ASA), and the Firewall Services Module (FWSM) are affected by a software bug that may cause the EXEC password, passwords of locally defined usernames, and the enable password in the startup configuration to be changed without user intervention. |
Original Source
Url : http://www.cisco.com/warp/public/707/cisco-sa-20060823-firewall.shtml |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Os | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
28143 | Cisco Multiple Products Unintentional Password Modification Cisco Firewall products contain a flaw that may allow a malicious user to gain authorised access to a vulnerable device. The issue is triggered when certain passwords change to a non-random value under certain circumstances. It is possible that the flaw may allow authorized users to be locked out and unauthorized users to gain access resulting in a loss of confidentiality and integrity. |