Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2007-4786
Last Modified 07 Mar 2011 09:59:11
Published 10 Sep 2007 05:17:00
Confidentiality Impact COMPLETE
Integrity Impact NONE
Availability Impact NONE
Access Vector ADJACENT_NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2007-4786

Summary

Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information.

Vulnerable Systems


References

CERT-VN - VU#563673

VUPEN - ADV-2007-3076

BID - 25548

CONFIRM - http://www.kb.cert.org/vuls/id/MIMG-74ZK93

MISC - http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsj72903

SECUNIA - 26677

OSVDB - 37499

XF - cisco-asa-aaa-information-disclosure(36473)

SECTRACK - 1018660


Last Updated: 27 May 2016 10:45:58