6.8 - cisco-sa-20060823-firewall

Executive Summary

Summary
Title	Unintentional Password Modification Vulnerability in Cisco Firewall Products

Informations
Name	cisco-sa-20060823-firewall	First vendor Publication	2006-07-25
Vendor	Cisco	Last vendor Modification	2006-08-23
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score	6.8	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	3.1	Authentication	Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Certain versions of the software for the Cisco PIX 500 Series Security Appliances, the Cisco ASA 5500 Series Adaptive Security Appliances (ASA), and the Firewall Services Module (FWSM) are affected by a software bug that may cause the EXEC password, passwords of locally defined usernames, and the enable password in the startup configuration to be changed without user intervention.

Original Source

Url : http://www.cisco.com/warp/public/707/cisco-sa-20060823-firewall.shtml

CPE : Common Platform Enumeration

Type	Description	Count
Hardware	Cisco Adaptive Security Appliance cpe:2.3:h:cisco:adaptive_security_appliance::::::::	1
Hardware	Cisco Pix Firewall 501 cpe:2.3:h:cisco:pix_firewall_501::::::::	1
Hardware	Cisco Pix Firewall 506 cpe:2.3:h:cisco:pix_firewall_506::::::::	1
Hardware	Cisco Pix Firewall 515 cpe:2.3:h:cisco:pix_firewall_515::::::::	1
Hardware	Cisco Pix Firewall 515E cpe:2.3:h:cisco:pix_firewall_515e::::::::	1
Hardware	Cisco Pix Firewall 520 cpe:2.3:h:cisco:pix_firewall_520::::::::	1
Hardware	Cisco Pix Firewall 525 cpe:2.3:h:cisco:pix_firewall_525::::::::	1
Hardware	Cisco Pix Firewall 535 cpe:2.3:h:cisco:pix_firewall_535::::::::	1
Os	Cisco Pix Firewall Software cpe:2.3:o:cisco:pix_firewall_software:6.3:::::::*	1

Open Source Vulnerability Database (OSVDB)

Id	Description
28143	Cisco Multiple Products Unintentional Password Modification Cisco Firewall products contain a flaw that may allow a malicious user to gain authorised access to a vulnerable device. The issue is triggered when certain passwords change to a non-random value under certain circumstances. It is possible that the flaw may allow authorized users to be locked out and unauthorized users to gain access resulting in a loss of confidentiality and integrity.

Description

28143

Cisco Multiple Products Unintentional Password Modification

Cisco Firewall products contain a flaw that may allow a malicious user to gain authorised access to a vulnerable device. The issue is triggered when certain passwords change to a non-random value under certain circumstances. It is possible that the flaw may allow authorized users to be locked out and unauthorized users to gain access resulting in a loss of confidentiality and integrity.

Global Informations

Type	Count
CPE ID(s)	9
osvdb(s)	1

	Related
6.8	CVE-2006-4312
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

6.8 - cisco-sa-20060823-firewall

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU