Vulnerability Development mailing list archives

Re: PIX Privilege Escalation Vulnerability


From: "Kristian Erik Hermansen" <kristian.hermansen () gmail com>
Date: Thu, 24 Jan 2008 09:48:55 -0800

On 24 Jan 2008 03:41:38 -0000,  <tbbunn () ctc net> wrote:
        I am now going to go over the simplicity of the exploit and I will be releasing a white paper hopefully 
sooner than later on the specifics of the underlying cause. Once a user has logged on to the user-exec (level 0) of 
the device they will then be able to proceed with the <enable> command which should give you a login prompt. At this 
prompt if you move your cursor forward with a space or character (it doesn't matter if there is more than one), and 
then proceed to delete any spaces or characters, by holding down the backspace a second after deleting the last 
character it should immediately drop you into level 15 privilege-exec mode. This attack was originally performed on a 
PIX 515E running version 7.2 of Finesse. I will be posting all updates regarding this exploit as they come, and I 
apologize for it taking so long to release this information.

That's a ridiculous exploit.  Have you notified Cisco PSIRT?
-- 
Kristian Erik Hermansen
"Know something about everything and everything about something."
