CVE-2008-1246 | Cisco PIX/ASA Finesse Operation System - Enable Prompt Operational Intel

Executive Risk Summary

"A local privilege escalation vulnerability exists in the Cisco PIX/ASA Finesse Operation System 7.1 and 7.2, allowing attackers to gain elevated privileges by manipulating the enable prompt. This vulnerability can be exploited when the enable password is blank, allowing an attacker to potentially gain control of the system."

Anticipated Attack Path

1. Step 1: Identify a Cisco PIX/ASA device with a blank enable password
2. Step 2: Manipulate the enable prompt to gain elevated privileges
3. Step 3: Execute commands with elevated privileges to gain control of the system

Am I Vulnerable?

Verify the enable password is not blank on all Cisco PIX/ASA devices
Apply the latest security patches to the Cisco PIX/ASA Finesse Operation System
Monitor system logs for suspicious activity related to the enable prompt

Operational Audit Arsenal

Target Type Binary

Target Asset pixshell

Standard Path /usr/local/bin

Manual Verification Required

This is a non-Windows asset (Cisco). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.

Patch Impact Forecast

Reboot Required Likely

Moderate

Internal Work Notes

Local privilege escalation vulnerability in Cisco PIX/ASA Finesse Operation System 7.1 and 7.2, allowing attackers to gain elevated privileges when the enable password is blank.

Technical Intelligence & Operational Utilities • Delivered Weekly