var-200608-0339
Vulnerability from variot
Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user passwords, and the enable password to be changed to a "non-random value" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access. Cisco PIX Firewall In the case where the configuration process is incomplete, the software crashes or the password stored in the startup configuration is unintentionally specified by the user when multiple users change the configuration in parallel. There is a vulnerability that changes to the value of.There is a possibility of unauthorized access to the target device using the changed password. Multiple Cisco Firewall appliances are prone to an authentication-bypass vulnerability. The vulnerability occurs because the firmware fails to properly handle certain configuration errors, resulting in unintended password changes to non-random specific passwords. This issue allows remote attackers to gain unauthorized access to the affected network appliances with administrative or local user privileges. These issues are tracked by Cisco Bug IDs CSCse02703 and CSCsd81487. Cisco PIX, ASA, and FWSM are very popular firewall devices that provide firewall services capable of stateful packet filtering and deep packet inspection. There are only two situations that can trigger this software bug: * Software crashes, usually caused by software bugs. Note that not all software crashes lead to the undesirable results described above. * Two or more users make configuration changes simultaneously on the same device. The vulnerability is triggered regardless of the method used to access the device (Command Line Interface [CLI], Adaptive Security Device Manager [ASDM], Firewall Management Center, etc.). Note that when saving the configuration to a stable medium that stores the startup configuration via the write memory or copy running-config startup-config commands, the password in the startup configuration is changed. In normal operation, the password in the startup configuration is not changed without saving the running configuration. If an AAA server (RADIUS or TACACS+) is used for authentication, regardless of whether LOCAL authentication is configured as fallback, only changing the password in the startup configuration when the AAA server is unavailable will cause the above undesirable results. This prevents administrators from being able to log in to the device if authentication is configured to use a password stored in the launch configuration. If a malicious user is able to guess the new password and restarts the device, whether it is an automatic restart caused by a software crash or a manual restart by a network administrator, unauthorized access to the device is possible.
Hardcore Disassembler / Reverse Engineer Wanted!
Want to work with IDA and BinDiff? Want to write PoC's and Exploits?
Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package.
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
TITLE: Cisco Firewall Products Unintentional Password Modification
SECUNIA ADVISORY ID: SA21616
VERIFY ADVISORY: http://secunia.com/advisories/21616/
CRITICAL: Moderately critical
IMPACT: Security Bypass
WHERE:
From remote
OPERATING SYSTEM: Cisco PIX 7.x http://secunia.com/product/6102/ Cisco Adaptive Security Appliance (ASA) 7.x http://secunia.com/product/6115/
SOFTWARE: Cisco Firewall Services Module (FWSM) 3.x http://secunia.com/product/8614/ Cisco Firewall Services Module (FWSM) 2.x http://secunia.com/product/5088/ Cisco Firewall Services Module (FWSM) 1.x http://secunia.com/product/2273/
DESCRIPTION: A security issue has been reported in various Cisco Firewall products, which may allow malicious people to bypass certain security restrictions.
The error may happen during a software crash or multiple users configuring a device at the same time.
This may result in users being locked out or lead to unauthorised access to an affected device.
SOLUTION: Update to a fixed version (see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: The vendor credits Terje Bless, Helse Nord IKT.
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200608-0339",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.3"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 1.1,
"vendor": "cisco",
"version": "7.0"
},
{
"model": "pix firewall 520",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "pix firewall 525",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "adaptive security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "pix firewall 506",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "pix firewall 501",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "pix firewall 535",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "pix firewall 515e",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "pix firewall 515",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "7.1"
},
{
"model": "pix firewall 506",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall 535",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "adaptive security appliance",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall 501",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6.3"
},
{
"model": "pix firewall 515",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall 520",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall 515e",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall 525",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0.4.3"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0.4"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0.1.4"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(5)"
},
{
"model": "pix series security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5007.1"
},
{
"model": "pix series security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5007.0"
},
{
"model": "fwsm for cisco catalyst series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6500/76003.1"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(1.7)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.1"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.0"
},
{
"model": "pix firewall manager g",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5350"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5256.3"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "525"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "520"
},
{
"model": "pix firewall 515e",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "515"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5060"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5010"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3.5(112)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3.3(133)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3.2"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3.1"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3(5)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3(3.109)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3(3.102)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3(3)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3(1)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.3(110)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.3"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.2.111"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.2"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.1"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(3.100)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(3)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(2)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(1)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.5(104)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.5"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.4"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.3"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(5)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(4)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(3)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(1)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.4"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.3"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4.101)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(3)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(2)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1.200)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(9)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(7)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(6)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(5)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(3.210)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(2)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(1)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.4"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1(4.206)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4(8)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4(7.202)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4(4)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.2"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.1"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(5)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "pix firewall b",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.6"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.6"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.7"
},
{
"model": "gigabit switch router del",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "firewall services module",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3(4)"
},
{
"model": "firewall services module",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3"
}
],
"sources": [
{
"db": "BID",
"id": "19681"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000518"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-399"
},
{
"db": "NVD",
"id": "CVE-2006-4312"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:pix_asa",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000518"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Terje Bless",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200608-399"
}
],
"trust": 0.6
},
"cve": "CVE-2006-4312",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CVE-2006-4312",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "VHN-20420",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-4312",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2006-4312",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200608-399",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-20420",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-20420"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000518"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-399"
},
{
"db": "NVD",
"id": "CVE-2006-4312"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user passwords, and the enable password to be changed to a \"non-random value\" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access. Cisco PIX Firewall In the case where the configuration process is incomplete, the software crashes or the password stored in the startup configuration is unintentionally specified by the user when multiple users change the configuration in parallel. There is a vulnerability that changes to the value of.There is a possibility of unauthorized access to the target device using the changed password. Multiple Cisco Firewall appliances are prone to an authentication-bypass vulnerability. The vulnerability occurs because the firmware fails to properly handle certain configuration errors, resulting in unintended password changes to non-random specific passwords. \nThis issue allows remote attackers to gain unauthorized access to the affected network appliances with administrative or local user privileges. \nThese issues are tracked by Cisco Bug IDs CSCse02703 and CSCsd81487. Cisco PIX, ASA, and FWSM are very popular firewall devices that provide firewall services capable of stateful packet filtering and deep packet inspection. There are only two situations that can trigger this software bug: * Software crashes, usually caused by software bugs. Note that not all software crashes lead to the undesirable results described above. * Two or more users make configuration changes simultaneously on the same device. The vulnerability is triggered regardless of the method used to access the device (Command Line Interface [CLI], Adaptive Security Device Manager [ASDM], Firewall Management Center, etc.). Note that when saving the configuration to a stable medium that stores the startup configuration via the write memory or copy running-config startup-config commands, the password in the startup configuration is changed. In normal operation, the password in the startup configuration is not changed without saving the running configuration. If an AAA server (RADIUS or TACACS+) is used for authentication, regardless of whether LOCAL authentication is configured as fallback, only changing the password in the startup configuration when the AAA server is unavailable will cause the above undesirable results. This prevents administrators from being able to log in to the device if authentication is configured to use a password stored in the launch configuration. If a malicious user is able to guess the new password and restarts the device, whether it is an automatic restart caused by a software crash or a manual restart by a network administrator, unauthorized access to the device is possible. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer Wanted!\n\nWant to work with IDA and BinDiff?\nWant to write PoC\u0027s and Exploits?\n\nYour nationality is not important. \nWe will get you a work permit, find an apartment, and offer a\nrelocation compensation package. \n\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Firewall Products Unintentional Password Modification\n\nSECUNIA ADVISORY ID:\nSA21616\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21616/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nCisco PIX 7.x\nhttp://secunia.com/product/6102/\nCisco Adaptive Security Appliance (ASA) 7.x\nhttp://secunia.com/product/6115/\n\nSOFTWARE:\nCisco Firewall Services Module (FWSM) 3.x\nhttp://secunia.com/product/8614/\nCisco Firewall Services Module (FWSM) 2.x\nhttp://secunia.com/product/5088/\nCisco Firewall Services Module (FWSM) 1.x\nhttp://secunia.com/product/2273/\n\nDESCRIPTION:\nA security issue has been reported in various Cisco Firewall\nproducts, which may allow malicious people to bypass certain security\nrestrictions. \n\nThe error may happen during a software crash or multiple users\nconfiguring a device at the same time. \n\nThis may result in users being locked out or lead to unauthorised\naccess to an affected device. \n\nSOLUTION:\nUpdate to a fixed version (see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Terje Bless, Helse Nord IKT. \n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4312"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000518"
},
{
"db": "BID",
"id": "19681"
},
{
"db": "VULHUB",
"id": "VHN-20420"
},
{
"db": "PACKETSTORM",
"id": "49193"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "19681",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2006-4312",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "21616",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1016740",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016738",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016739",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "28143",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-3367",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000518",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200608-399",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20060823 UNINTENTIONAL PASSWORD MODIFICATION VULNERABILITY IN CISCO FIREWALL PRODUCTS",
"trust": 0.6
},
{
"db": "XF",
"id": "28540",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-20420",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "49193",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-20420"
},
{
"db": "BID",
"id": "19681"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000518"
},
{
"db": "PACKETSTORM",
"id": "49193"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-399"
},
{
"db": "NVD",
"id": "CVE-2006-4312"
}
]
},
"id": "VAR-200608-0339",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-20420"
}
],
"trust": 0.7368591
},
"last_update_date": "2024-11-23T22:50:25.810000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20060823-firewall",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060823-firewall.shtml"
},
{
"title": "cisco-sa-20060823-firewall",
"trust": 0.8,
"url": "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/cisco-sa-20060823-firewall-j.shtml"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000518"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4312"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/19681"
},
{
"trust": 1.7,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060823-firewall.shtml"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/28143"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016738"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016739"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016740"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21616"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2006/3367"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/3367"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28540"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4312"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-4312"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/28540"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/products_security_advisory09186a00807183b0.shtml"
},
{
"trust": 0.3,
"url": "/archive/1/444126"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6102/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/21616/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8614/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5088/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2273/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6115/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-20420"
},
{
"db": "BID",
"id": "19681"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000518"
},
{
"db": "PACKETSTORM",
"id": "49193"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-399"
},
{
"db": "NVD",
"id": "CVE-2006-4312"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-20420"
},
{
"db": "BID",
"id": "19681"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000518"
},
{
"db": "PACKETSTORM",
"id": "49193"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-399"
},
{
"db": "NVD",
"id": "CVE-2006-4312"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-08-23T00:00:00",
"db": "VULHUB",
"id": "VHN-20420"
},
{
"date": "2006-08-23T00:00:00",
"db": "BID",
"id": "19681"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000518"
},
{
"date": "2006-08-27T00:18:48",
"db": "PACKETSTORM",
"id": "49193"
},
{
"date": "2006-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200608-399"
},
{
"date": "2006-08-23T22:04:00",
"db": "NVD",
"id": "CVE-2006-4312"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-20420"
},
{
"date": "2006-09-01T21:38:00",
"db": "BID",
"id": "19681"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000518"
},
{
"date": "2006-08-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200608-399"
},
{
"date": "2024-11-21T00:15:38.880000",
"db": "NVD",
"id": "CVE-2006-4312"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200608-399"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco PIX Firewall Vulnerabilities that prevent authentication in the configuration process",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000518"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "19681"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-399"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…