Vulnerability CVE-2016-6366


Published: 2016-08-18

Description:
Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.

Vendor: Cisco
Product: Pix firewall 
Version: base;
Product: Adaptive security appliance software 
Version:
9.4.2.3
9.4.2
9.4.1.5
9.4.1.3
9.4.1.2
9.4.1.1
9.4.1
9.4.0.115
9.3.5
9.3.3.6
9.3.3.5
9.3.3.2
9.3.3.1
9.3.3
9.3.2.2
9.3.2
9.3.1.1
9.3.1
9.3(2.243)
9.3(2.100)
9.3(1.50)
9.3(1.105)
9.2.4.4
9.2.4.2
9.2.4
9.2.3.4
9.2.3.3
9.2.3
9.2.2.8
9.2.2.7
9.2.2.4
9.2.2
9.2.1
9.2(3.1)
9.2(0.104)
9.2(0.0)
9.1.6.8
9.1.6.6
9.1.6.4
9.1.6.10
9.1.6.1
9.1.6
9.1.5.21
9.1.5.15
9.1.5.12
9.1.5.10
9.1.5
9.1.4.5
9.1.4
9.1.3.2
9.1.3
9.1.2.8
9.1.2
9.1.1.4
9.1.1
9.0.4.7
9.0.4.5
9.0.4.37
9.0.4.35
9.0.4.33
9.0.4.29
9.0.4.26
9.0.4.24
9.0.4.20
9.0.4.17
9.0.4.1
9.0.4
9.0.3.8
9.0.3.6
9.0.3
9.0.2.10
9.0.2
9.0.1
8.7.1.8
8.7.1.7
8.7.1.4
8.7.1.3
8.7.1.17
8.7.1.16
8.7.1.13
8.7.1.11
8.7.1.1
8.7.1
8.6.1.5
8.6.1.2
8.6.1.17
8.6.1.14
8.6.1.13
8.6.1.12
8.6.1.10
8.6.1.1
8.6.1
8.5.1.7
8.5.1.6
8.5.1.24
8.5.1.21
8.5.1.19
See more versions on NVD
Product: Asa 1000v cloud firewall software 
Version: 8.7.1.1; 8.7.1;

CVSS2 => (AV:N/AC:M/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
8.5/10
10/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://blogs.cisco.com/security/shadow-brokers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp
http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip
https://zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.html

Related CVE
CVE-2018-0403
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. Cisco Bug IDs: CSCvg71040.
CVE-2018-0402
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Cisco Bug IDs: CSCvg70921.
CVE-2018-0401
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco ...
CVE-2018-0400
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco ...
CVE-2018-0399
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044.
CVE-2018-0398
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018.
CVE-2018-0396
A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an...
CVE-2018-0394
A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. The vulnerability is due to insufficient input validation of param...

Copyright 2018, cxsecurity.com

 

Back to Top