Details of VAR-200110-0013

ID

VAR-200110-0013

CVE

CVE-2001-1098

TITLE

Cisco PIX Firewall Manager Plaintext Password Vulnerability

Trust: 0.9

sources: BID: 3419 // CNNVD: CNNVD-200110-038

DESCRIPTION

Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in plaintext in the pfm.log file, which could allow local users to obtain the password by reading the file. A malicious user could use this password to connect to the PIX Firewall and make configuration changes. It is important to note that a malicious user would have to obtain access to the local workstation in order to exploit this vulnerability

Trust: 1.98

sources: NVD: CVE-2001-1098 // CERT/CC: VU#639507 // BID: 3419 // VULHUB: VHN-3903

AFFECTED PRODUCTS

vendor:	cisco	model:	pix firewall manager	scope:	eq	version:	4.3\(2\)g	Trust: 1.6
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	pix firewall manager g	scope:	eq	version:	4.3	Trust: 0.3

sources: CERT/CC: VU#639507 // BID: 3419 // CNNVD: CNNVD-200110-038 // NVD: CVE-2001-1098

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1098
value:	LOW
Trust: 1.0
CARNEGIE MELLON:	VU#639507
value:	6.28
Trust: 0.8
CNNVD:	CNNVD-200110-038
value:	LOW
Trust: 0.6
VULHUB:	VHN-3903
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2001-1098
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-3903
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#639507 // VULHUB: VHN-3903 // CNNVD: CNNVD-200110-038 // NVD: CVE-2001-1098

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1098

THREAT TYPE

local

Trust: 0.9

sources: BID: 3419 // CNNVD: CNNVD-200110-038

TYPE

Design Error

Trust: 0.9

sources: BID: 3419 // CNNVD: CNNVD-200110-038

EXTERNAL IDS

db:	BID	id:	3419	Trust: 2.8
db:	CERT/CC	id:	VU#639507	Trust: 2.5
db:	NVD	id:	CVE-2001-1098	Trust: 1.7
db:	CNNVD	id:	CNNVD-200110-038	Trust: 0.7
db:	XF	id:	7265	Trust: 0.6
db:	BUGTRAQ	id:	20011010 VULNERABILITY: CISCO PIX FIREWALL MANAGER	Trust: 0.6
db:	VULHUB	id:	VHN-3903	Trust: 0.1

sources: CERT/CC: VU#639507 // VULHUB: VHN-3903 // BID: 3419 // CNNVD: CNNVD-200110-038 // NVD: CVE-2001-1098

REFERENCES

url:	http://www.securityfocus.com/bid/3419	Trust: 2.5
url:	http://archives.neohapsis.com/archives/bugtraq/2001-10/0071.html	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/639507	Trust: 1.7
url:	http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/pixdm_ds.htm	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/7265	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/219781	Trust: 0.8
url:	http://xforce.iss.net/static/7265.php	Trust: 0.6
url:	http://www.cisco.com/warp/public/110/41.shtml	Trust: 0.3

sources: CERT/CC: VU#639507 // VULHUB: VHN-3903 // BID: 3419 // CNNVD: CNNVD-200110-038 // NVD: CVE-2001-1098

CREDITS

This vulnerability was reported to BugTraq by Florencio Umel <fumel@novacoast.com>.

Trust: 0.9

sources: BID: 3419 // CNNVD: CNNVD-200110-038

SOURCES

db:	CERT/CC	id:	VU#639507
db:	VULHUB	id:	VHN-3903
db:	BID	id:	3419
db:	CNNVD	id:	CNNVD-200110-038
db:	NVD	id:	CVE-2001-1098

LAST UPDATE DATE

2025-04-03T22:41:59.464000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#639507	date:	2001-10-31T00:00:00
db:	VULHUB	id:	VHN-3903	date:	2017-10-10T00:00:00
db:	BID	id:	3419	date:	2001-10-10T00:00:00
db:	CNNVD	id:	CNNVD-200110-038	date:	2005-05-13T00:00:00
db:	NVD	id:	CVE-2001-1098	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#639507	date:	2001-10-12T00:00:00
db:	VULHUB	id:	VHN-3903	date:	2001-10-10T00:00:00
db:	BID	id:	3419	date:	2001-10-10T00:00:00
db:	CNNVD	id:	CNNVD-200110-038	date:	2001-10-10T00:00:00
db:	NVD	id:	CVE-2001-1098	date:	2001-10-10T04:00:00