PIX Firewall Manager Directory Traversal Network Vulnerability

Summary

It is possible to read arbitrary files on the remote host through the remote web server. Description : It is possible to read arbitrary files on this machine by using relative paths in the URL. This flaw can be used to bypass the management software's password protection and possibly retrieve the enable password for the Cisco PIX. This vulnerability has been assigned Cisco Bug ID: CSCdk39378.

Solution

Cisco originally recommended upgrading to version 4.1.6b or version 4.2, however the same vulnerability has been found in version 4.3. Cisco now recommends that you disable the software completely and migrate to the new PIX Device Manager software.

Severity

Classification

CVE CVE-1999-0158

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

AdaptCMS 'init.php' Remote File Include Vulnerability
APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
Advanced Image Hosting Cross Site Scripting Vulnerability
An Image Gallery Multiple Cross-Site Scripting Vulnerability
Apache Subversion Module Metadata Accessible

Take action and discover your vulnerabilities