Information Security Philippines

An alert from Cisco Systems Inc. describes an unintentional password modification vulnerability in multiple firewall products that could be exploited to change passwords without user interaction and allow “unauthorized users to gain access to a device that has been reloaded after passwords in its startup configuration have been changed. Authorized users can be locked out and lose the ability to manage the affected device.”  

The flaw affects Cisco PIX 500 Series Security Appliances, Cisco ASA 5500 Series Adaptive Security Appliances and Firewall Service Module (FWSM) for Cisco Catalyst 6500 switches and Cisco 7600 Series Routers running affected versions of the software.

Cisco has issued software to address this vulnerability.  A second alert from Cisco describes a pair of flaws in Cisco VPN 3000 series concentrators with FTP file management enabled that could be exploited to execute some FTP commands and delete files.  Cisco has issued free software to address these two flaws and also made workarounds available.
http://www.cisco.com/en/US/products/products_security_advisory09186a00807183b0.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080718330.shtml

This entry was posted on Wednesday, August 30th, 2006 at 8:20 am and is filed under Networks, Security Bulletin, Vulnerability. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.