
SANS ISC: Two New Cisco Vulnerabilities - SANS Internet Storm Center SANS ISC InfoSec Forums

Two New Cisco Vulnerabilities

Cisco released two advisories today, one for a risk of leaving a root account without a password in the Cisco Application Velocity System (AVS) and one for a potential DoS (forced reload) of the PIX 500 series and the Adaptive Security Appliance (ASA) for the Cisco 5500 series.

AVS versions prior to 5.1.0 don't prompt users to change the system password during initial configuration, which potentially leaves you with a privileged account without a password. The CVE ID for this is CVE-2008-0029 and full details can be found here:

The PIX and ASA are vulnerable to a specially crafted packet when they have the TTL decrement feature enabled. The CVE ID for this is CVE-2008-0028 and full details can be found here:


Jan 24th 2008
