Vulnerability: Password Exposure via Syslog Management in Cisco ASA Software
CVE-2014-3410 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:N/A:N
The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing the network for a syslog message or (2) reading a syslog message in a file on a syslog server, aka Bug IDs CSCuq22357 and CSCur41860.
Learn more about our Cis Benchmark Audit For Cisco.