Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1246

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-1246
Last Modified 06 Feb 2009 12:00:00
Published 10 Mar 2008 01:44:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-1246

Summary

** DISPUTED ** The Cisco PIX/ASA Finesse Operation System 7.1 and 7.2 allows local users to gain privileges by entering characters at the enable prompt, erasing these characters via the Backspace key, and then holding down the Backspace key for one second after erasing the final character. NOTE: third parties, including one who works for the vendor, have been unable to reproduce the flaw unless the enable password is blank.

Vulnerable Systems

Operating System

  • Cisco Pix Asa Finesse Operation System 7.1

  • Cisco Pix Asa Finesse Operation System 7.2


References

XF - cisco-pixasa-privilege-escalation(41129)

BID - 27457

BUGTRAQ - 20080301 The Router Hacking Challenge is Over!

BUGTRAQ - 20080205 Re: Re: PIX Privilege Escalation Vulnerability

BUGTRAQ - 20080125 Re: Re: PIX Privilege Escalation Vulnerability

BUGTRAQ - 20080124 Re: PIX Privilege Escalation Vulnerability

BUGTRAQ - 20080124 PIX Privilege Escalation Vulnerability

MISC - http://www.gnucitizen.org/projects/router-hacking-challenge/

MISC - http://hackathology.blogspot.com/2008/01/pixasa-finesse-71-72-privilege.html


Last Updated: 27 May 2016 10:47:05