CVE-2009-1155

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances versions 7.1(1) through 7.1(2)82 Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances versions 7.2 before 7.2(4)27 Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances versions 8.0 before 8.0(4)25 Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances versions 8.1 before 8.1(2)15

Description The issue allows remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors when AAA override-account-disable is entered in a general-attributes field. Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances.

Recommendations For versions 7.1(1) through 7.1(2)82, update to a version after 7.1(2)82 to resolve the issue. For versions 7.2 before 7.2(4)27, update to version 7.2(4)27 or later to resolve the issue. For versions 8.0 before 8.0(4)25, update to version 8.0(4)25 or later to resolve the issue. For versions 8.1 before 8.1(2)15, update to version 8.1(2)15 or later to resolve the issue. As a temporary workaround, consider restricting access to the AAA override-account-disable field in the general-attributes to minimize the risk of exploitation.