ID de Prueba:	1.3.6.1.4.1.25623.1.0.10819
Categoría:	Web application abuses
Título:	PIX Firewall Manager Directory Traversal
Resumen:	It is possible to read arbitrary files on the remote host; through the remote web server.
Descripción:	Summary: It is possible to read arbitrary files on the remote host through the remote web server. Vulnerability Insight: It is possible to read arbitrary files on this machine by using relative paths in the URL. This vulnerability has been assigned Cisco Bug ID: CSCdk39378. Note: Cisco originally recommended upgrading to version 4.1.6b or version 4.2, however the same vulnerability has been found in version 4.3. Cisco now recommends to disable the software completely and to migrate to the new PIX Device Manager software. Vulnerability Impact: This flaw can be used to bypass the management software's password protection and possibly retrieve the enable password for the Cisco PIX. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-1999-0158 Cisco Security Advisory: 20010913 Cisco PIX Firewall Manager File Exposure http://www.cisco.com/warp/public/770/pixmgrfile-pub.shtml http://www.osvdb.org/685 XForce ISS Database: cisco-pix-file-exposure
Copyright	Copyright (C) 2001 Digital Defense Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.