Last Updated: 2008-01-24 01:17:54 UTC
by Toby Kohlenberg (Version: 1)
Cisco released two advisories today, one for a risk of leaving a root account without a password in the Cisco Application Velocity System (AVS) and one for a potential DoS (forced reload) of the PIX 500 series and the Adaptive Security Appliance (ASA) for the Cisco 5500 series.
The AVS prior to version 5.1.0 doesn't prompt users to modify the system password during initial config, which potentially leaves you with a privileged account without a password. The CVS ID for this is CVE-2008-0029 and full details can be found here:
The PIX and ASA are vulnerable to a specifically created packet when they have the TTL decrement feature enabled. The CVS ID for this is CVE-2008-0028 and full details can be found here: