Monday, March 19, 2007

Cisco PIX/ASA Privilege Escalation.

OK, a vulnerability has been discovered that allows privilege escalation on Cisco PIX/ASA firewalls running IOS version 7.2.x up to 7.2(2.8). If you are using LOCAL as your AAA authentication method, change it to RADIUS or Cisco's proprietary TACACS+. For example, instead of:

cisco(config)#aaa authentication login default LOCAL

change it to:

cisco(config)#aaa authentication login default TACACS+ (or RADIUS)

I am not so sure about the configuration for TACACS+ and RADIUS right now, as I need to look it up, but basically, do not use LOCAL if you are running the affected IOS version mentioned above.

Also, for this exploit to work, a user with privilege level 0 must be present in the LOCAL database of the PIX/ASA. Such a user can be escalated to privilege level 15, the highest privilege level, which carries full admin access. So, to stop this exploit, change the following:

cisco(config)#username cisco privilege 0 password cisco

to

cisco(config)#username cisco privilege 1 password cisco

This change will actually stop this exploit.

You can use show version to see your IOS version.
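As an added example (not from the original post), here is a small Python audit that checks a saved PIX/ASA running-config for the two conditions the post describes together, LOCAL used as the AAA authentication method and a LOCAL-database user at privilege 0, and rewrites any privilege-0 user to privilege 1 as the post recommends. The sample config text is constructed for the example; confirm the software version separately with show version.

```python
import re

# Constructed sample running-config excerpt (not taken from the original post).
# It contains both preconditions the post names: LOCAL authentication and a
# LOCAL-database user with privilege level 0.
SAMPLE_CONFIG = """\
hostname cisco
username admin privilege 15 password 8Ry2YjIyt7RRXU24 encrypted
username cisco privilege 0 password cisco
aaa authentication login default LOCAL
aaa authentication ssh console LOCAL
"""

# "aaa authentication ... LOCAL": LOCAL is the literal server tag, so match it case-sensitively.
AAA_LOCAL_RE = re.compile(r"^aaa\s+authentication\b.*\bLOCAL\b")
USERNAME_RE = re.compile(r"^username\s+(\S+)", re.I)
# The privilege keyword may come before or after the password on a username line.
PRIV_RE = re.compile(r"\bprivilege\s+(\d+)\b", re.I)


def audit_config(config_text):
    """Report LOCAL authentication lines, privilege-0 users, and whether both are present."""
    local_auth_lines, priv0_users = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if AAA_LOCAL_RE.match(line):
            local_auth_lines.append(line)
        user = USERNAME_RE.match(line)
        priv = PRIV_RE.search(line) if user else None
        if user and priv and int(priv.group(1)) == 0:
            priv0_users.append(user.group(1))
    return {
        "local_auth": local_auth_lines,
        "priv0_users": priv0_users,
        # Both conditions together are what the post says the exploit needs.
        "exposed": bool(local_auth_lines) and bool(priv0_users),
    }


def harden(config_text):
    """Return the config with every privilege-0 username line raised to privilege 1."""
    out = []
    for raw in config_text.splitlines():
        line = raw.strip()
        priv = PRIV_RE.search(line)
        if USERNAME_RE.match(line) and priv and int(priv.group(1)) == 0:
            line = PRIV_RE.sub("privilege 1", line, count=1)
        out.append(line)
    return "\n".join(out) + "\n"
```

Run audit_config on the hardened text to confirm the privilege-0 finding is gone; the LOCAL authentication lines still need the RADIUS or TACACS+ change described above.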
