CVE-2007-4786

Name: CVE-2007-4786
Creator: NVD / NIST
Published: 2007-09-10T21:17:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.3/10EPSS 0.50%

Last modified Jun 16, 2026

CVE-2007-4786 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information.. EPSS estimates a 0.50% chance of exploitation in the next 30 days.

Description

Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.50%

38.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Cisco	Adaptive Security Appliance Software	>= 7.0, < 7.0.7.1
Cisco	Adaptive Security Appliance Software	>= 7.1, < 7.1.2.61
Cisco	Adaptive Security Appliance Software	>= 7.2, < 7.2.2.34
Cisco	Adaptive Security Appliance Software	>= 8.0, < 8.0.2.11

References

http://osvdb.org/37499Broken Link
http://secunia.com/advisories/26677Broken Link, Third Party Advisory
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsj72903Broken Link, Vendor Advisory
http://www.kb.cert.org/vuls/id/563673Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/MIMG-74ZK93Third Party Advisory, US Government Resource
http://www.securityfocus.com/bid/25548Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1018660Broken Link, Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2007/3076Broken Link, Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/36473Third Party Advisory, VDB Entry
http://osvdb.org/37499Broken Link
http://secunia.com/advisories/26677Broken Link, Third Party Advisory
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsj72903Broken Link, Vendor Advisory
http://www.kb.cert.org/vuls/id/563673Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/MIMG-74ZK93Third Party Advisory, US Government Resource
http://www.securityfocus.com/bid/25548Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1018660Broken Link, Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2007/3076Broken Link, Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/36473Third Party Advisory, VDB Entry

Timeline

Published: Sep 10, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-4786?

How severe is CVE-2007-4786?

CVE-2007-4786 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.50% probability of exploitation in the next 30 days.

How do I fix CVE-2007-4786?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-4786?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST