CVE-2008-1246
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Cisco PIX/ASA Finesse Operation System 7.1 and 7.2 allows local users to gain privileges by entering characters at the enable prompt, erasing these characters via the Backspace key, and then holding down the Backspace key for one second after erasing the final character. NOTE: third parties, including one who works for the vendor, have been unable to reproduce the flaw unless the enable password is blank
** DISPUTADA ** Cisco PIX/ASA Finesse Operation System 7.1 y 7.2 permite a usuarios locales ganar privilegios mediante la introducción de caracteres en el intérprete de comandos, borrando estos caracteres a través de la tecla de retroceso (Backspace) y posteriormente manteniendo pulsada la tecla de retroceso durante un segundo después de borrar el último caracter. NOTA: terceras partes, incluyendo una que trabaja para el proveedor, no han podido reproducir el fallo a no ser que la contraseña de habilitar esté en blanco.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-03-10 CVE Reserved
- 2008-03-10 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://hackathology.blogspot.com/2008/01/pixasa-finesse-71-72-privilege.html | X_refsource_misc | |
| http://www.gnucitizen.org/projects/router-hacking-challenge | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/486938 | Mailing List | |
| http://www.securityfocus.com/archive/1/486959 | Mailing List | |
| http://www.securityfocus.com/archive/1/487051 | Mailing List | |
| http://www.securityfocus.com/archive/1/487579 | Mailing List | |
| http://www.securityfocus.com/archive/1/489009/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/27457 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41129 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Pix Asa Finesse Operation System Search vendor "Cisco" for product "Pix Asa Finesse Operation System" | 7.1 Search vendor "Cisco" for product "Pix Asa Finesse Operation System" and version "7.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Pix Asa Finesse Operation System Search vendor "Cisco" for product "Pix Asa Finesse Operation System" | 7.2 Search vendor "Cisco" for product "Pix Asa Finesse Operation System" and version "7.2" | - |
Affected
| ||||||