Cisco Adaptive Security Appliance AAA Authentication Feature Information Disclosure Vulnerability

Bugtraq ID:	25548
Class:	Design Error
CVE:	CVE-2007-4786
Remote:	Yes
Local:	No
Published:	Sep 05 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	Lisa Sittler of CERT/CC is credited with the discovery of this vulnerability.
Vulnerable:	Cisco Adaptive Security Appliance 8.0 Cisco Adaptive Security Appliance 7.2 Cisco Adaptive Security Appliance 7.1 Cisco Adaptive Security Appliance 7.0
Not Vulnerable:

Cisco Adaptive Security Appliance AAA Authentication Feature Information Disclosure Vulnerability

Cisco Adaptive Security Appliance (ASA) is prone to multiple information-disclosure vulnerability when communicating information through an insecure channel. The issue arises in the Authentication, Authorization and Accounting (AAA) feature when troubleshooting the ASA server.

An attacker can exploit this issue to access users' authentication credentials. Information obtained may lead to further attacks.

Cisco Adaptive Security Appliance AAA Authentication Feature Information Disclosure Vulnerability

An attacker can exploit this issue by using readily available network utilities.

Cisco Adaptive Security Appliance AAA Authentication Feature Information Disclosure Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Cisco Adaptive Security Appliance AAA Authentication Feature Information Disclosure Vulnerability

References:

• Cisco Adaptive Security Appliance Homepage (Cisco)
  
• Cisco Systems, Inc. Information for VU#563673 (US-CERT)
  
• Vulnerability Note VU#563673 (US-CERT)