August 27, 2006

PIX unintentional Password Mod Vulnerability

Earlier this week Cisco posted a security advisory regarding a vulnerability in the PIX Firewall. The short of it is that if you store passwords locally and change the configuration, there is a chance that the passwords will not be written to flash memory correctly. The outcome is that you will be locked out of your PIX.

The vulnerability affects all PIX firewalls running v7 code [v7.0 up to and including v7.0(5), and v7.1 up to and including v7.1(2.4)]. If you are running v6 PIX OS you are fine. If you are running an ASA appliance you are running v7 code. This also impacts any v3.1(x) release of the Firewall Service Module. If you are using RADIUS or TACACS+ and have configured your PIX for remote authentication (usernames and passwords are defined on the AAA or ACS server), it looks like you are also OK.

The affected data is the passwords stored by the passwd, username, or enable password commands. This data can be corrupted during a crash, or if two users are trying to change the configuration at the same time using any management console (CLI, ASDM, PDM). The trigger is when you save the password (write memory or equivalent). Apparently this bug writes some other, non-random value into flash memory.

So if you were already really smart and using RADIUS or TACACS+ and an ACS server, you are OK. Otherwise you may need to plan for some network downtime and to re-read the PIX password recovery procedure.

My take on this is that there is very little room for an attacker to exploit this vulnerability. This is the type of problem that causes the Firewall Admin to hurt themselves by corrupting the locally stored password through normal use or maintenance.
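A triage check for the conditions described in this post, as an added example (not code from Cisco's advisory or from this blog). It assumes version strings in the form `7.1(2.4)`, treats interim builds above the stated ceilings as unaffected, and assumes the `aaa authentication <service> console <group>` configuration syntax; the function names and the sample configuration are constructed.

```python
import re

# Cisco-style version such as "7.1(2.4)" -> (7, 1, 2, 4); missing parts become 0.
_VER = re.compile(r"^v?(\d+)\.(\d+)(?:\((\d+)(?:\.(\d+))?\))?$")
# Commands the post names as storing local passwords.
_LOCAL = re.compile(r"^(?:(passwd)|(enable password)|(username) \S+ password)\s")
# Assumed syntax for console authentication against an AAA server group.
_AAA = re.compile(r"^aaa authentication \S+ console (\S+)")

def parse_version(text):
    m = _VER.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def version_affected(platform, version):
    """Ranges from the post: 7.0 up to 7.0(5), 7.1 up to 7.1(2.4), FWSM 3.1(x)."""
    v = parse_version(version)
    if platform == "fwsm":
        return v[:2] == (3, 1)
    if platform in ("pix", "asa"):
        ceilings = {(7, 0): (7, 0, 5, 0), (7, 1): (7, 1, 2, 4)}
        top = ceilings.get(v[:2])
        return top is not None and v <= top
    return False

def triage(platform, version, config):
    lines = [ln.strip() for ln in config.splitlines()]
    local = [m[m.lastindex] for ln in lines if (m := _LOCAL.match(ln))]
    remote = [m.group(1) for ln in lines
              if (m := _AAA.match(ln)) and m.group(1) != "LOCAL"]
    affected = version_affected(platform, version)
    return {
        "version_affected": affected,
        "local_password_commands": sorted(set(local)),
        "remote_auth_groups": sorted(set(remote)),
        # Lockout risk as the post frames it: affected code, local passwords,
        # and no RADIUS/TACACS+ login path to fall back on.
        "lockout_risk": affected and bool(local) and not remote,
    }

# Constructed sample configuration (hashes are placeholders, not real values).
SAMPLE = """\
enable password PLACEHOLDERHASH encrypted
passwd PLACEHOLDERHASH encrypted
username admin password PLACEHOLDERHASH encrypted privilege 15
"""
```

Calling `triage("pix", "7.1(2)", SAMPLE)` reports which of the three password commands are present and whether the device depends on them alone for login.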

August 05, 2006

Great Port List Reference

I saw this list of TCP and UDP port numbers (from Wikipedia) up on digg this afternoon. Good stuff with good references.