CVE-2007-4786
low-risk
Published 2007-09-10
Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information.
Do I need to act?
-
0.16% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10
Medium
ADJACENT_NETWORK
/ HIGH complexity
Affected Products (1)
Affected Vendors
References (18)
Broken Link
http://osvdb.org/37499
Broken Link
http://secunia.com/advisories/26677
Third Party Advisory
http://www.kb.cert.org/vuls/id/563673
Third Party Advisory
http://www.kb.cert.org/vuls/id/MIMG-74ZK93
Broken Link
http://www.securityfocus.com/bid/25548
Broken Link
http://www.securitytracker.com/id?1018660
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/36473
Broken Link
http://osvdb.org/37499
Broken Link
http://secunia.com/advisories/26677
Third Party Advisory
http://www.kb.cert.org/vuls/id/563673
Third Party Advisory
http://www.kb.cert.org/vuls/id/MIMG-74ZK93
Broken Link
http://www.securityfocus.com/bid/25548
Broken Link
http://www.securitytracker.com/id?1018660
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/36473
20
/ 100
low-risk
Severity
14/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal