CVE-2007-4786Cleartext Transmission of Sensitive Info in Cisco Adaptive Security Appliance Software

CWE-319Cleartext Transmission of Sensitive InfoCWE-311Missing Encryption of Sensitive Data5 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 62.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Adaptive Security Appliance Software
Timeline
PublishedSep 10
Latest updateMay 1

Description

Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-v7h7-w765-g2ff: Cisco Adaptive Security Appliance (ASA) running PIX 72022-05-01
CVEList
CVE-2007-4786: Cisco Adaptive Security Appliance (ASA) running PIX 72007-09-10

📐Framework References

2
CWE
Missing Encryption of Sensitive Data
CWE
Cleartext Transmission of Sensitive Information
CVE-2007-4786 — Cisco vulnerability | cvebase