CVE-2007-4786 — MEDIUM (5.3)

Q: How severe is CVE-2007-4786?

CVE-2007-4786 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-4786?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Adaptive Security Appliance Software.

Vulnerability Description

Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Adaptive Security Appliance Software	>= 7.0, < 7.0.7.1

Related Weaknesses (CWE)

CWE-319

References

http://osvdb.org/37499Broken Link
http://secunia.com/advisories/26677Broken LinkThird Party Advisory
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBuBroken LinkVendor Advisory
http://www.kb.cert.org/vuls/id/563673Third Party AdvisoryUS Government Resource
http://www.kb.cert.org/vuls/id/MIMG-74ZK93Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/25548Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1018660Broken LinkThird Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2007/3076Broken LinkThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/36473Third Party AdvisoryVDB Entry
http://osvdb.org/37499Broken Link
http://secunia.com/advisories/26677Broken LinkThird Party Advisory
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBuBroken LinkVendor Advisory
http://www.kb.cert.org/vuls/id/563673Third Party AdvisoryUS Government Resource
http://www.kb.cert.org/vuls/id/MIMG-74ZK93Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/25548Broken LinkThird Party AdvisoryVDB Entry

FAQ

What is CVE-2007-4786?

CVE-2007-4786 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the...

How severe is CVE-2007-4786?

CVE-2007-4786 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-4786?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Adaptive Security Appliance Software.