| VID | 29007 |
| Severity | 30 |
| Port | 8181 |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | The Cisco PIX Firewall Manager (PFM) has a remote file exposure vulnerability. The Cisco PIX Firewall product is shipped with a management program known as PIX Firewall Manager (PFM), which includes a mini Web server. This server resides on a Windows computer and could allow a remote attacker to read any files on the system. References: http://www.iss.net/security_center/static/1583.php http://www.securityfocus.com/bid/691 |
| Recommendation | Cisco originally recommended upgrading to version 4.1.6b or version 4.2, as listed in Cisco Systems Field Notice, September 2, 1998, "Cisco PIX Firewall Manager File Exposure" at http://www.cisco.com/warp/public/770/pixmgrfile-pub.shtml. However, the same vulnerability has been found in version 4.3. Cisco now recommends that you disable the software completely and migrate to the new PIX Device Manager software. |
| Related URL | CVE-1999-0158 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |