Test ID:	1.3.6.1.4.1.25623.1.0.10819
Category:	Web application abuses
Title:	PIX Firewall Manager Directory Traversal
Summary:	It is possible to read arbitrary files on the remote host; through the remote web server.
Description:	Summary: It is possible to read arbitrary files on the remote host through the remote web server. Vulnerability Insight: It is possible to read arbitrary files on this machine by using relative paths in the URL. This vulnerability has been assigned Cisco Bug ID: CSCdk39378. Note: Cisco originally recommended upgrading to version 4.1.6b or version 4.2, however the same vulnerability has been found in version 4.3. Cisco now recommends to disable the software completely and to migrate to the new PIX Device Manager software. Vulnerability Impact: This flaw can be used to bypass the management software's password protection and possibly retrieve the enable password for the Cisco PIX. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-1999-0158 Cisco Security Advisory: 20010913 Cisco PIX Firewall Manager File Exposure http://www.cisco.com/warp/public/770/pixmgrfile-pub.shtml http://www.osvdb.org/685 XForce ISS Database: cisco-pix-file-exposure
Copyright	Copyright (C) 2001 Digital Defense Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.