Cisco Adaptive Security Appliance (ASA) running PIX 7.0 prior to 7.0.7.1, 7.1 prior to 7.1.2.61, 7.2 prior to 7.2.2.34, and 8.0 prior to 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent malicious users to obtain sensitive information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco adaptive security appliance software |