I tried creating a privilege 0 account for a client for read-only access to their ASA firewalls. For the CLI login, it won't matter cause they don't know the enable password, so that keeps them from making changes. But for the ASDM login, I was able to login with the privilege 0 account and make changes to the device (adding users).
I searched cisco.com and of course I found nothing good.
Should I create some 'privilege level 0' commands? I looked at that command and I didn't see anything to specify ASDM read only.
Any comments appreciated ,
Chris Serafin
Security Engineer
chris@chrisserafin.com