A newly discovered vulnerability in the software that manages one of the most widely deployed firewalls on the Internet could enable an attacker to gain full access to the firewall, and by extension, the network it protects.
Some versions of Cisco Systems Inc.s PIX Firewall Manager, or PFM, software save the enable password in cleartext in a log file created during installation. The PFM is typically installed on a Windows NT workstation or server that is used as the management station for the PIX firewall device.
The log file containing the password has no access restrictions by default, so if the management station is compromised, the password can be recovered, according to an advisory released by Novacoast International Inc., the network design and security company that discovered the vulnerability.
However, in order to exploit this vulnerability, an attacker must first have access to the management station, which is typically inside the firewall.
The flaw affects versions 4.3(2) and 5.2(1), and possibly others, running on Windows NT and Windows 2000.
Cisco, of San Jose, Calif., does not have a patch available for this vulnerability, but recommends that administrators upgrade to PFM Version 6 or replace the PFM with the PIX Device Manager.