Vulnerability Development mailing list archives
Re: PIX Privilege Escalation Vulnerability
From: "Kristian Erik Hermansen" <kristian.hermansen () gmail com>
Date: Thu, 24 Jan 2008 09:48:55 -0800
On 24 Jan 2008 03:41:38 -0000, <tbbunn () ctc net> wrote:
I am now going to go over the simplicity of the exploit and I will be releasing a white paper hopefully sooner than later on the specifics of the underlying cause. Once a user has logged on to the user-exec (level0) of the device they will then be able to proceed with the <enable> command which should give you a login prompt. At this prompt if you move your cursor forward with a space or character(it doesn't matter if there are more then one), and then proceed to delete any spaces or characters, by holding down the backspace a second after deleting the last character it should immediately drop you into level 15 privilege-exec mode. This attack was originally performed on a PIX 515E running version 7.2 of Finesse. I will be posting all updates regarding this exploit as they come, and I apologize for it taking so long to release this information.
That's a ridiculous exploit. Have you notified Cisco PSIRT? -- Kristian Erik Hermansen "Know something about everything and everything about something."
Current thread:
- PIX Privilege Escalation Vulnerability tbbunn (Jan 24)
- Re: PIX Privilege Escalation Vulnerability Kristian Erik Hermansen (Jan 24)
- SV: PIX Privilege Escalation Vulnerability Jan Nielsen (Jan 24)