A vulnerability, which was classified as problematic, has been found in Cisco PIX Firewall Manager 4.3(2)g (Firewall Software). Affected by this issue is an unknown functionality of the file pfm.log. The manipulation with an unknown input leads to a cleartext storage vulnerability. Using CWE to declare the problem leads to CWE-312. The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Impacted is confidentiality. CVE summarizes:

Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in plaintext in the pfm.log file, which could allow local users to obtain the password by reading the file.

The weakness was published 10/10/2001 with Novacoast as confirmed advisory (CERT.org). The advisory is shared for download at kb.cert.org. This vulnerability is handled as CVE-2001-1098. The exploitation is known to be easy. The attack needs to be approached locally. No form of authentication is required for exploitation. There are known technical details, but no exploit is available. The MITRE ATT&CK project declares the attack technique as T1555.

By approaching the search of inurl:pfm.log it is possible to find vulnerable targets with Google Hacking.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at X-Force (7265).

Productinfo

Type

• Firewall Software

Vendor

• Cisco

Name

• PIX Firewall Manager

Version

• 4.3(2)g

License

• commercial

Support

• end of life (old version)

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion