QwikSec

Security Database

CVE

CWE

Training

CVE-2007-4786

Published: Sep 10, 2007

Modified: Jan 17, 2025

PUBLISHED

Description

Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_SECTRACK

http://www.kb.cert.org/vuls/id/MIMG-74ZK93

x_refsource_CONFIRM

cisco-asa-aaa-information-disclosure(36473)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_BID

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsj72903

x_refsource_MISC

third-party-advisory

x_refsource_CERT-VN

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2007-4786 - Security Vulnerability | QwikSec