|Date: (C)2007-09-10 (M)2017-08-01|| |
Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 22.214.171.124, 7.1 before 126.96.36.199, 7.2 before 188.8.131.52, and 8.0 before 184.108.40.206, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information.
|CVSS Score: 4.3||Access Vector: ADJACENT_NETWORK|
|Exploit Score: 2.5||Access Complexity: HIGH|
|Impact Score: 6.9||Authentication: SINGLE_INSTANCE|
| ||Confidentiality: COMPLETE|
| ||Integrity: NONE|
| ||Availability: NONE|