Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2007-4786First vendor Publication2007-09-10
VendorCveLast vendor Modification2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:H/Au:S/C:C/I:N/A:N)
Cvss Base Score4.3Attack RangeAdjacent network
Cvss Impact Score6.9Attack ComplexityHigh
Cvss Expoit Score2.5AuthentificationRequires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4786

CAPEC : Common Attack Pattern Enumeration & Classification

idName
CAPEC-31Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-37Lifting Data Embedded in Client Distributions
CAPEC-65Passively Sniff and Capture Application Code Bound for Authorized Client
CAPEC-102Session Sidejacking
CAPEC-117Data Interception Attacks
CAPEC-155Screen Temporary Files for Sensitive Information
CAPEC-157Sniffing Attacks
CAPEC-167Lifting Sensitive Data from the Client
CAPEC-204Lifting cached, sensitive data embedded in client distributions (thick or thin)
CAPEC-205Lifting credential(s)/key material embedded in client distributions (thick or...
CAPEC-258Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...
CAPEC-259Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...
CAPEC-260Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...

CWE : Common Weakness Enumeration

idName
CWE-319Cleartext Transmission of Sensitive Information
CWE-311Missing Encryption of Sensitive Data(CWE/SANS Top 25)
CWE-255Credentials Management

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware4

Open Source Vulnerability Database (OSVDB)

idDescription
37499Cisco Adaptive Security Appliance (ASA) PIX Cleartext Password Remote Disclosure

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/25548
CERT-VNhttp://www.kb.cert.org/vuls/id/563673
CONFIRMhttp://www.kb.cert.org/vuls/id/MIMG-74ZK93
MISChttp://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetc...
OSVDBhttp://osvdb.org/37499
SECTRACKhttp://www.securitytracker.com/id?1018660
SECUNIAhttp://secunia.com/advisories/26677
VUPENhttp://www.vupen.com/english/advisories/2007/3076
XFhttp://xforce.iss.net/xforce/xfdb/36473

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2013-05-11 10:36:06
  • Multiple Updates