Cisco PIX Multiple Vulnerabilities

Available Languages

Updated:December 10, 2011
Document ID:1454785655259933

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Cisco Security Advisory

Cisco PIX Multiple Vulnerabilities

Severity
Advisory ID:
cisco-sa-20021120-pix-vulnerability
First Published:
2002 November 20 16:00 GMT
Version 1.0:
Final

Summary

  • The Cisco PIX Firewall provides robust, enterprise-class security services including stateful inspection firewalling, standards-based IP Security (IPsec) Virtual Private Networking (VPN), intrusion protection and much more in cost-effective, easy to deploy solutions.

    Two vulnerabilities have been resolved for the PIX firewall for which fixes are available. These vulnerabilities are documented as Cisco bug ID CSCdv83490 and CSCdx35823.

    There are no workarounds available to mitigate the effects of these vulnerabilities.

    Cisco has released software updates that address these vulnerabilities.

    This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20021120-pix-vulnerability.

Affected Products

  • Vulnerable Products

    All PIX Firewall units running the vulnerable releases and using the specific features are affected by these vulnerabilities.

    DDTs—Description

    Affected Release

    CSCdv83490—While processing initial contact notify messages the PIX does not delete duplicate Internet Security Authentication Key Management Protocol Security Associations (ISAKMP SAs) with the peer.

    6.0.3 and earlier

    6.1.3 and earlier

    CSCdx35823—Buffer overflow while doing HTTP traffic authentication using Terminal Access Controller Access Control System Plus (TACACS+) or Remote Authentication Dial-In User Service (RADIUS).

    5.2.8 and earlier

    6.0.3 and earlier

    6.1.3 and earlier

    6.2.1 and earlier

    To determine your software revision, type show version at the command line prompt.

    Products Confirmed Not Vulnerable

    No other Cisco products are currently known to be affected by these vulnerabilities.

Details

  • CSCdv83490

    When a user establishes a VPN session upon successful peer and user authentication, the PIX creates an ISAKMP SA associating the user and his IP address.

    If an attacker is now able to block the logged-in user's connection and establish a connection to the PIX using the same IP address as that of the user, he will be able to establish a VPN session with the PIX, using only peer authentication, provided he already has access to the peer authentication key also known as the group pre-shared key (PSK) or group password key.

    CSCdx35823

    A user starting a connection via FTP, Telnet, or over the World Wide Web (HTTP) is prompted for their user name and password. If the user name and password are verified by the designated TACACS+ or RADIUS authentication server, the PIX Firewall unit will allow further traffic between the authentication server and the connection to interact independently through the PIX Firewall unit's "cut-through proxy" feature.

    The PIX may crash and reload due to a buffer overflow vulnerability while processing HTTP traffic requests for authentication using TACACS+ or RADIUS.

    The Internetworking Terms and Acronyms online guide can be found at http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/index.htm. The Cisco Systems Terms and Acronyms online guide can be found at http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/cisco12.htm.

    These vulnerabilities are documented in the Bug Toolkit as Bug IDs CSCdv83490 and CSCdx35823, and can be viewed after 2002 November 21 at 1600 UTC. To access this tool, you must be a registered user and you must be logged in.

Workarounds

  • There are no workarounds for these vulnerabilities. The Cisco PSIRT recommends that affected users upgrade to a fixed software version of code.

Fixed Software

  • DDTs—Description

    Fixed Releases

    CSCdv83490—While processing initial contact notify messages the PIX does not delete duplicate ISAKMP SAs with the peer.

    6.0.4 and later

    6.1.4 and later

    6.2.1 and later

    CSCdx35823—Buffer overflow while doing HTTP traffic authentication using TACACS+ or RADIUS.

    5.2.9 and later

    6.0.4 and later

    6.1.4 and later

    6.2.2 and later

    The procedure to upgrade to the fixed software version is detailed at http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/index.htm.

Exploitation and Public Announcements

  • The Cisco PSIRT is not aware of any malicious use of the vulnerabilities described in this advisory.

    These vulnerabilities were reported to PSIRT by Cisco engineering and customers.

Cisco Security Vulnerability Policy

  • To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

URL

Revision History

  • Revision 1.0

    2002-Nov-20

    Initial public release
    Show Less

Cisco Security Vulnerability Policy

  • To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications