Cisco PIX Firewall Manager (PFM) on Windows Arbitrary File Access

medium Nessus Plugin ID 10819

Language:

Synopsis

It is possible to read arbitrary files on the remote host through the remote web server.

Description

It is possible to read arbitrary files on this machine by using relative paths in the URL. This flaw can be used to bypass the management software's password protection and possibly retrieve the enable password for the Cisco PIX.

This vulnerability has been assigned Cisco Bug ID: CSCdk39378.

Solution

Cisco originally recommended upgrading to version 4.1.6b or version 4.2, however the same vulnerability has been found in version 4.3. Cisco now recommends that you disable the software completely and migrate to the new PIX Device Manager software.

Plugin Details

Severity: Medium

ID: 10819

File Name: DDI_PIX_Firewall_Manager.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 12/6/2001

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Patch Publication Date: 9/2/1998

Vulnerability Publication Date: 8/31/1998

Reference Information

CVE: CVE-1999-0158

BID: 691

Detections

Analytics