MEDIUM · 6.8

CVE-2006-4312

Vulnerability Description

Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), cause the EXEC password, local user passwords, and the enable password to be changed to a "non-random value" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access.

CVSS Score

6.8 (MEDIUM)

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Affected Products

Vendor | Product | Versions
Cisco | Pix Firewall 501 | All versions
Cisco | Pix Firewall 506 | All versions
Cisco | Pix Firewall 515 | All versions
Cisco | Pix Firewall 515E | All versions
Cisco | Pix Firewall 520 | All versions
Cisco | Pix Firewall 525 | All versions
Cisco | Pix Firewall 535 | All versions
Cisco | Pix Firewall Software | 6.3
Cisco | Adaptive Security Appliance | All versions

References

FAQ

What is CVE-2006-4312?

CVE-2006-4312 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to ...

How severe is CVE-2006-4312?

CVE-2006-4312 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2006-4312?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Pix Firewall 501, Cisco Pix Firewall 506, Cisco Pix Firewall 515, Cisco Pix Firewall 515E, Cisco Pix Firewall 520.