Vulnerability Note VU#5053
Older Versions of Cisco PIX Firewall Manager permits retrieval of files
A vulnerability in versions of the Cisco PIX Firewall Manager (PFM) in use circa September 1998 allows intruders to retrieve files from the host running PFM.
A vulnerability in the Cisco PIX Firewall Manager allows an intruder to retrieve files from the host running PFM. In typical configurations, the intruder would have to be inside the firewall. Quoting from Cisco Security Notice: Field Notice PIX Firewall Manager File Exposure
The use of the PIX Device Manager is preferred to the use of PFM.
If prerequisites are met, attackers can retrieve any file or files on the NT host on which PFM is installed, as well as any file or files on network servers accessible through that host's file system.
Use the PIX Device Manager instead of the PIX Firewall Manager (PFM). If that is not possible, upgrade to a version of PFM later than 4.2(1), or the latest version.
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
| --- | --- | --- | --- |
| Cisco | Affected | - | 03 Jan 2002 |
Our thanks to Cisco for the information in their field notice.
This document was written by Shawn V Hernan.
- CVE IDs: CVE-1999-0158
- Date Public: 31 Aug 98
- Date First Published: 03 Jan 2002
- Date Last Updated: 03 Jan 2002
- Severity Metric: 0.63
- Document Revision: 2