Advisory: CISCO-SA-20070214-CVE-2007-0960 (Cisco)

Cisco PIX and ASA LOCAL Method Privilege Escalation Vulnerability

Date: 2007-02-14 23:06:59
Source: tools.cisco.com

CVSS2: 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.005
Percentile: 75.8%

Cisco PIX 500 Series Security Appliances and Cisco ASA 5500 Series Adaptive Security Appliances (ASA) contain a vulnerability that could allow an authenticated, remote attacker to gain elevated privileges on the device.

The vulnerability only exists on devices using the LOCAL method for user authentication. The attacker must also be defined in the local database with a privilege of zero and be able to authenticate to the device. If these conditions are met, an attacker could grant themselves administrative privileges.

The vendor has given this issue a CVSS score to reflect the availability of functional exploit code; however, the code is not known to be publicly available.

Cisco has confirmed this vulnerability and updated software is available.

In order to exploit this vulnerability, an attacker must be defined in the local database with a privilege level of zero and be able to authenticate to the affected device. These conditions greatly reduce the likelihood of attacks, as only trusted users should be defined in the local database. It should also be noted that the affected devices are not vulnerable in their default configurations.
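The two preconditions above can be checked against a saved device configuration. The following is an added example, not code from Cisco or from this advisory: it assumes the usual PIX/ASA running-config forms `username <name> ... privilege <n>` and `aaa authentication ... LOCAL`, and the function name and sample configuration are constructed for illustration. It reports only whether the preconditions are present, not whether the installed software is a fixed release.

```python
import re

# Constructed sample of a PIX/ASA running configuration (not from the advisory).
SAMPLE_CONFIG = """\
hostname edge-fw
username admin password AAAAAAAAAAAAAAAA encrypted privilege 15
username helpdesk password BBBBBBBBBBBBBBBB encrypted privilege 0
username auditor password CCCCCCCCCCCCCCCC encrypted privilege 5
aaa-server TACACS protocol tacacs+
aaa authentication ssh console TACACS LOCAL
aaa authentication enable console LOCAL
"""

# Assumed syntax: "username NAME ... privilege N" for local database entries.
USERNAME_RE = re.compile(r"^username\s+(\S+)\s+.*?\bprivilege\s+(\d+)\s*$")
# Assumed syntax: any "aaa authentication" line that ends in the LOCAL method,
# including LOCAL used as a fallback after a server group.
AAA_AUTH_RE = re.compile(r"^aaa\s+authentication\s+.*\bLOCAL\s*$")


def audit_config(text):
    """Return the advisory's two preconditions as found in a config dump."""
    local_lines, priv0_users = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if AAA_AUTH_RE.match(line):
            local_lines.append(line)
        m = USERNAME_RE.match(line)
        if m and int(m.group(2)) == 0:
            priv0_users.append(m.group(1))
    return {
        "local_auth_lines": local_lines,
        "privilege_zero_users": priv0_users,
        # Both conditions must hold for the device to match the advisory.
        "exposed": bool(local_lines) and bool(priv0_users),
    }


if __name__ == "__main__":
    report = audit_config(SAMPLE_CONFIG)
    print("LOCAL authentication lines:", report["local_auth_lines"])
    print("Privilege-0 local users:", report["privilege_zero_users"])
    print("Matches advisory preconditions:", report["exposed"])
```

Accounts the check lists are candidates for removal from the local database or for review until the updated software is installed.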

Affected configurations

Vulners node: cisco pix_asa_ids (match: any) OR cisco pix_asa_ids (match: any)

Vendor: cisco
Product: pix_asa_ids
Version: any
CPE: cpe:2.3:a:cisco:pix_asa_ids:any:*:*:*:*:*:*:*
