Vulnerability: Password Exposure via Syslog Management in Cisco ASA Software

Vulnerability: Password Exposure via Syslog Management in Cisco ASA Software

CVE-2014-3410 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing the network for a syslog message or (2) reading a syslog message in a file on a syslog server, aka Bug IDs CSCuq22357 and CSCur41860.

Learn more about our Cis Benchmark Audit For Cisco.