VAR-200803-0169
Vulnerability from variot - Updated: 2024-07-23 20:50

The Cisco PIX/ASA Finesse Operation System 7.1 and 7.2 allows local users to gain privileges by entering characters at the enable prompt, erasing these characters via the Backspace key, and then holding down the Backspace key for one second after erasing the final character. NOTE: third parties, including one who works for the vendor, have been unable to reproduce the flaw unless the enable password is blank. Cisco Systems Cisco PIX/ASA Finesse Operation System contains vulnerabilities related to authorization, privileges, and access control. As a result, information may be obtained or tampered with, and service operation may be interrupted (DoS). Cisco PIX and ASA are potentially prone to a privilege-escalation vulnerability. Exploiting this issue allows authenticated attackers to gain administrative privileges on affected devices. This may facilitate the complete compromise of the affected device. This issue affects the Cisco PIX/ASA operating system Finesse 7.1 and 7.2. Other versions may also be affected. This issue may be related to the one documented in BID 22562 (Cisco PIX/ASA Privilege Escalation Vulnerability), but not enough information is currently available to confirm this. Note that Cisco cannot reproduce this issue at this time. Because the only condition under which the behaviour was reproduced is a blank enable password, confirming that a non-blank enable password is configured is the practical check on devices running the listed versions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0169",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pix asa finesse operation system",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.2"
},
{
"model": "pix asa finesse operation system",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.1"
},
{
"model": "cisco pix/asa finesse operation system",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "7.1"
},
{
"model": "cisco pix/asa finesse operation system",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco pix/asa finesse operation system",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "7.2"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.2"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.(2.8)"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.(2.7)"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.(2.19)"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.(2.17)"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.(2.16)"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(3)006"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(2.24)"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(2.15)"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(2.14)"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(2.10)"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(2)"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(1.22)"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(1)"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.(2.49)"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.(2.48)"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2.5)"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2.27)"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)"
},
{
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2.55)"
}
],
"sources": [
{
"db": "BID",
"id": "27457"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006676"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-124"
},
{
"db": "NVD",
"id": "CVE-2008-1246"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_asa_finesse_operation_system:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_asa_finesse_operation_system:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1246"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Terry Bunn discovered this issue.",
"sources": [
{
"db": "BID",
"id": "27457"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-124"
}
],
"trust": 0.9
},
"cve": "CVE-2008-1246",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2008-1246",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "VHN-31371",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-1246",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-124",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-31371",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31371"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006676"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-124"
},
{
"db": "NVD",
"id": "CVE-2008-1246"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Cisco PIX/ASA Finesse Operation System 7.1 and 7.2 allows local users to gain privileges by entering characters at the enable prompt, erasing these characters via the Backspace key, and then holding down the Backspace key for one second after erasing the final character. NOTE: third parties, including one who works for the vendor, have been unable to reproduce the flaw unless the enable password is blank. Cisco Systems Cisco PIX/ASA Finesse Operation System contains vulnerabilities related to authorization, privileges, and access control.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco PIX and ASA are potentially prone to a privilege-escalation vulnerability. \nExploiting this issue allows authenticated attackers to gain administrative privileges on affected devices. This may facilitate the complete compromise of the affected device. \nThis issue affects the Cisco PIX/ASA operating system Finesse 7.1 and 7.2. Other versions may also be affected. \nThis issue may be related to the one documented in BID 22562 (Cisco PIX/ASA Privilege Escalation Vulnerability), but not enough information is currently available to confirm this. \nNote that Cisco cannot reproduce this issue at this time",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1246"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006676"
},
{
"db": "BID",
"id": "27457"
},
{
"db": "VULHUB",
"id": "VHN-31371"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-1246",
"trust": 3.6
},
{
"db": "BID",
"id": "27457",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006676",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200803-124",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20080301 THE ROUTER HACKING CHALLENGE IS OVER!",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080125 RE: RE: PIX PRIVILEGE ESCALATION VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080205 RE: RE: PIX PRIVILEGE ESCALATION VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080124 PIX PRIVILEGE ESCALATION VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080124 RE: PIX PRIVILEGE ESCALATION VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "41129",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-31371",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31371"
},
{
"db": "BID",
"id": "27457"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006676"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-124"
},
{
"db": "NVD",
"id": "CVE-2008-1246"
}
]
},
"id": "VAR-200803-0169",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-31371"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:50:33.392000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.cisco.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-006676"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.1
},
{
"problemtype": "Authorization / authority / access control (CWE-264) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31371"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006676"
},
{
"db": "NVD",
"id": "CVE-2008-1246"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://hackathology.blogspot.com/2008/01/pixasa-finesse-71-72-privilege.html"
},
{
"trust": 1.9,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41129"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/27457"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/486938"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/486959"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/487051"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/487579"
},
{
"trust": 1.7,
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1246"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/41129"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/"
},
{
"trust": 0.3,
"url": "/archive/1/486938"
},
{
"trust": 0.3,
"url": "/archive/1/486959"
},
{
"trust": 0.3,
"url": "/archive/1/487051"
},
{
"trust": 0.3,
"url": "/archive/1/487579"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31371"
},
{
"db": "BID",
"id": "27457"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006676"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-124"
},
{
"db": "NVD",
"id": "CVE-2008-1246"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-31371"
},
{
"db": "BID",
"id": "27457"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006676"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-124"
},
{
"db": "NVD",
"id": "CVE-2008-1246"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-10T00:00:00",
"db": "VULHUB",
"id": "VHN-31371"
},
{
"date": "2008-01-24T00:00:00",
"db": "BID",
"id": "27457"
},
{
"date": "2024-07-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-006676"
},
{
"date": "2008-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-124"
},
{
"date": "2008-03-10T17:44:00",
"db": "NVD",
"id": "CVE-2008-1246"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-31371"
},
{
"date": "2015-05-07T17:33:00",
"db": "BID",
"id": "27457"
},
{
"date": "2024-07-23T07:41:00",
"db": "JVNDB",
"id": "JVNDB-2008-006676"
},
{
"date": "2009-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-124"
},
{
"date": "2024-05-17T00:37:50.227000",
"db": "NVD",
"id": "CVE-2008-1246"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-124"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco PIX/ASA Enable Login Prompt Privilege Escalation Vulnerability",
"sources": [
{
"db": "BID",
"id": "27457"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-124"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-124"
}
],
"trust": 0.6
}
}