CVE-2007-4786

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information.

Cisco Adaptive Security Appliance (ASA) funcionando en PIX 7.0 anterior a 7.0.7.1, 7.1 anterior a 7.1.2.61, 7.2 anterior a 7.2.2.34, y 8.0 before 8.0.2.11, when AAA is enabled, escribe mensajes %ASA-5-111008 desde el comando "test aaa" con contraseñas en texto plano y envía las mismas a través de la red a un servidor de registros del sistema remoto o los coloca en un búfer local de validación, lo caul permite a atacantes dependientes del contexto obtener información sensible.

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Adjacent

Attack Complexity

High

Authentication

Single

Confidentiality

Complete

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-09-10 CVE Reserved
2007-09-10 CVE Published
2024-08-07 CVE Updated
2024-08-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-319: Cleartext Transmission of Sensitive Information

CAPEC

References (9)

URL	Tag	Source
http://osvdb.org/37499	Broken Link
http://secunia.com/advisories/26677	Broken Link
http://www.kb.cert.org/vuls/id/563673	Third Party Advisory
http://www.kb.cert.org/vuls/id/MIMG-74ZK93	Third Party Advisory
http://www.securityfocus.com/bid/25548	Broken Link
http://www.securitytracker.com/id?1018660	Broken Link
http://www.vupen.com/english/advisories/2007/3076	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/36473	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsj72903	2024-02-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				>= 7.0 < 7.0.7.1 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 7.0 < 7.0.7.1"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				>= 7.1 < 7.1.2.61 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 7.1 < 7.1.2.61"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				>= 7.2 < 7.2.2.34 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 7.2 < 7.2.2.34"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				>= 8.0 < 8.0.2.11 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version " >= 8.0 < 8.0.2.11"		-		Affected