Lisa Sittler

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) versions 7.0 through 7.0.7.1 Cisco Adaptive Security Appliance (ASA) versions 7.1 through 7.1.2.61 Cisco Adaptive Security Appliance (ASA) versions 7.2 through 7.2.2.34 Cisco Adaptive Security Appliance (ASA) versions 8.0 through 8.0.2.11 Description: The issue allows context-dependent attackers to obtain sensitive information when AAA is enabled. This occurs because the system composes messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer. Recommendations: For versions 7.0 through 7.0.7.1, update to version 7.0.7.1 or later to resolve the issue. For versions 7.1 through 7.1.2.61, update to version 7.1.2.61 or later to resolve the issue. For versions 7.2 through 7.2.2.34, update to version 7.2.2.34 or later to resolve the issue. For versions 8.0 through 8.0.2.11, update to version 8.0.2.11 or later to resolve the issue.