Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco PIX and ASA LOCAL Method Privilege Escalation Vulnerability

Cisco-SA-20070214-CVE-2007-0960 · Medium · Published · Updated

Cisco PIX 500 Series Security Appliances and Cisco ASA 5500 Series Adaptive Security Appliances (ASA) contain a vulnerability that could allow an authenticated, remote attacker to gain elevated privileges on the device. The vulnerability only exists on devices using the LOCAL method for user authentication. The attacker must also be defined in the local database with a privilege level of zero and be able to authenticate to the device. If these conditions are met, an attacker could grant themselves administrative privileges.

The vendor has given this issue a CVSS score to reflect the availability of functional exploit code; however, the code is not known to be publicly available. Cisco has confirmed this vulnerability and updated software is available.

In order to exploit this vulnerability, an attacker must be defined in the local database with a privilege level of zero and be able to authenticate to the affected device. These conditions greatly reduce the likelihood of attacks, as only trusted users should be defined in the local database. It should also be noted that the affected devices are not vulnerable in their default configurations.

Workarounds

Administrators are advised to apply the appropriate software updates.

Administrators are advised to use either TACACS+ or RADIUS for authentication instead of using the LOCAL method for user authentication. Information on how to configure TACACS+ or RADIUS on Cisco PIX and ASA appliances can be found at the following link: TACACS+ and RADIUS Configuration Example for PIX and ASA (http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml)

Administrators who wish to keep LOCAL authentication can mitigate this vulnerability by changing the minimum privilege level for users from 0 to 1. Any other appropriate privilege level could be used, however, as long as it is not privilege level 15.

Administrators are advised to restrict access to the device to trusted users only.
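
The two preconditions described above (LOCAL in an authentication method list, plus a local user at privilege level 0) can be checked offline against a saved configuration. The following is an added example, not code from Cisco or from this page; it assumes configuration lines of the form "username <name> password <hash> encrypted privilege <n>" and "aaa authentication <service> console <methods>", and the sample configuration is constructed.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
hostname edge-fw
username admin password AAAAAAAAAAAAAAAA encrypted privilege 15
username helpdesk password BBBBBBBBBBBBBBBB encrypted privilege 0
username monitor password CCCCCCCCCCCCCCCC encrypted privilege 1
username legacy password DDDDDDDDDDDDDDDD encrypted
aaa authentication ssh console LOCAL
aaa authentication http console TACACS_GRP LOCAL
aaa authentication telnet console RADIUS_GRP
"""

# Assumed line formats; adjust the patterns if your saved configs differ.
USERNAME_RE = re.compile(r"^username\s+(\S+)(.*)$")
PRIV_RE = re.compile(r"\bprivilege\s+(\d+)\b")
AAA_RE = re.compile(r"^aaa\s+authentication\s+(\S+)\s+console\s+(.+)$")


def audit(config_text):
    """Report whether both preconditions from the advisory are present."""
    users = {}           # name -> privilege level, or None if not stated
    local_services = []  # services whose method list includes LOCAL
    for raw in config_text.splitlines():
        line = raw.strip()
        m = USERNAME_RE.match(line)
        if m:
            name, rest = m.group(1), m.group(2)
            p = PRIV_RE.search(rest)
            if p:
                users[name] = int(p.group(1))
            else:
                # Do not overwrite a level seen on an earlier line for this user.
                users.setdefault(name, None)
            continue
        m = AAA_RE.match(line)
        # LOCAL as a fallback after a server group still counts.
        if m and "LOCAL" in m.group(2).split():
            local_services.append(m.group(1))
    level0 = sorted(u for u, lvl in users.items() if lvl == 0)
    unstated = sorted(u for u, lvl in users.items() if lvl is None)
    return {"local_services": local_services, "level0_users": level0,
            "unstated_privilege": unstated,
            "exposed": bool(local_services and level0)}


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Users listed under "unstated_privilege" have no explicit level on their configuration line and should be reviewed by hand rather than assumed safe.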

CVEs: CVE-2007-0960
Cisco Bug IDs: NA
CVSS Score: Base 6.0
Product Names From Source: Cisco PIX/ASA

Related Products

Product | CVE | Evidence
Cisco PIX/ASA | CVE-2007-0960 | Cisco OpenVuln