Vuln Dev
PIX Privilege Escalation Vulnerability Jan 24 2008 03:41AM
tbbunn ctc net (2 replies)
SV: PIX Privilege Escalation Vulnerability Jan 24 2008 09:18PM
Jan Nielsen (jan boyakasha dk)
Re: PIX Privilege Escalation Vulnerability Jan 24 2008 05:48PM
Kristian Erik Hermansen (kristian hermansen gmail com)
On 24 Jan 2008 03:41:38 -0000, <tbbunn (at) ctc (dot) net [email concealed]> wrote:
> I am now going to go over the simplicity of the exploit and I will be releasing a white paper hopefully sooner than later on the specifics of the underlying cause. Once a user has logged on to the user-exec (level0) of the device they will then be able to proceed with the <enable> command which should give you a login prompt. At this prompt if you move your cursor forward with a space or character(it doesn't matter if there are more then one), and then proceed to delete any spaces or characters, by holding down the backspace a second after deleting the last character it should immediately drop you into level 15 privilege-exec mode. This attack was originally performed on a PIX 515E running version 7.2 of Finesse. I will be posting all updates regarding this exploit as they come, and I apologize for it taking so long to release this information.

That's a ridiculous exploit. Have you notified Cisco PSIRT?
--
Kristian Erik Hermansen
"Know something about everything and everything about something."

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus