CVE-2007-4786
MEDIUM
Cisco ASA 7.0-7.0.7.1, 7.1-7.1.2.61, 7.2-7.2.2.34, 8.0-8.0.2.11 Cleartext Sensitive Info via AAA Test Command
Title source: llm
Description
Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information.
References (9)
Core References
Broken Link, Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26677
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1018660
Third Party Advisory, US Government Resource x_refsource_confirm
http://www.kb.cert.org/vuls/id/MIMG-74ZK93
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36473
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/37499
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25548
Broken Link, Vendor Advisory x_refsource_misc
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsj72903
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/563673
Broken Link, Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3076
Scores
CVSS v3
5.3
EPSS
0.0050
EPSS Percentile
38.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-319
Status
published
Products (1)
cisco/adaptive_security_appliance_software
7.0 - 7.0.7.1
Published
Sep 10, 2007
Tracked Since
Feb 18, 2026