BID:22562

Cisco PIX/ASA Privilege Escalation Vulnerability

Info

Cisco PIX/ASA Privilege Escalation Vulnerability

Bugtraq ID:	22562
Class:	Design Error
CVE:	CVE-2007-0960 CVE-2007-0961 CVE-2007-0962 CVE-2007-0959
Remote:	No
Local:	Yes
Published:	Feb 14 2007 12:00AM
Updated:	Jul 06 2016 02:39PM
Credit:	The vendor disclosed this vulnerability.
Vulnerable:	Cisco PIX/ASA 7.2.2

Not Vulnerable:	Cisco PIX/ASA 7.2(2.10)

Discussion

Cisco PIX/ASA Privilege Escalation Vulnerability

Cisco PIX and ASA are prone to a privilege-escalation vulnerability.

Exploiting this issue allows authenticated attackers to gain administrative privileges on affected computers. This may facilitate the complete compromise of the affected device. This issue is tracked by Cisco Bug ID: CSCsh33287.

Exploit / POC

Cisco PIX/ASA Privilege Escalation Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Cisco PIX/ASA Privilege Escalation Vulnerability

Solution:
Cisco has released an advisory along with fixes to address this issue. Please see the referenced advisory for information on obtaining and applying fixes.

References

Cisco PIX/ASA Privilege Escalation Vulnerability

References:

Cisco PIX Firewall Product Homepage (Cisco Systems)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and ASA Appliance (Cisco)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and ASA Appliance (Cisco)