OSVDB ID: 685

Title: Cisco PIX Firewall Manager (PFM) on Windows Web Interface Traversal Arbitrary File Access

Info

Disclosure

Aug 31, 1998

Discovery

Unknown

Dates

Exploit

Aug 31, 1998

Solution

Sep 02, 1998

Description

Cisco PIX Firewall Manager contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URI.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Web Related, Security Software

Solution

Upgrade (or downgrade) to version 4.1(6b) or 4.2(2), as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Cisco Systems, Inc.	PIX Firewall Manager	4.1(6a)
		4.2(1)
		4.2(2)

References

ISS X-Force ID: 1583
CVE ID: 1999-0158 (see also: NVD)
CERT VU: 5053
Bugtraq ID: 691
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1998_3/0692.html
Vendor Specific Advisory URL: http://www.cisco.com/warp/public/770/pixmgrfile-pub.shtml

Credit

Brett Oliphant - Brett_M_Oliphant/Lafayette_Lifellnotes.llic.com -

Direct URL: http://osvdb.org/685

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Cisco Systems, Inc.

PIX Firewall Manager

References

Credit