Vulnerability CVE-2016-6366


Published: 2016-08-18

Description:
Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.

Vendor: Cisco
Product: Pix firewall 
Version: base;
Product: Adaptive security appliance software 
Version:
9.4.2.3
9.4.2
9.4.1.5
9.4.1.3
9.4.1.2
9.4.1.1
9.4.1
9.4.0.115
9.3.5
9.3.3.6
9.3.3.5
9.3.3.2
9.3.3.1
9.3.3
9.3.2.2
9.3.2
9.3.1.1
9.3.1
9.3(2.243)
9.3(2.100)
9.3(1.50)
9.3(1.105)
9.2.4.4
9.2.4.2
9.2.4
9.2.3.4
9.2.3.3
9.2.3
9.2.2.8
9.2.2.7
9.2.2.4
9.2.2
9.2.1
9.2(3.1)
9.2(0.104)
9.2(0.0)
9.1.6.8
9.1.6.6
9.1.6.4
9.1.6.10
9.1.6.1
9.1.6
9.1.5.21
9.1.5.15
9.1.5.12
9.1.5.10
9.1.5
9.1.4.5
9.1.4
9.1.3.2
9.1.3
9.1.2.8
9.1.2
9.1.1.4
9.1.1
9.0.4.7
9.0.4.5
9.0.4.37
9.0.4.35
9.0.4.33
9.0.4.29
9.0.4.26
9.0.4.24
9.0.4.20
9.0.4.17
9.0.4.1
9.0.4
9.0.3.8
9.0.3.6
9.0.3
9.0.2.10
9.0.2
9.0.1
8.7.1.8
8.7.1.7
8.7.1.4
8.7.1.3
8.7.1.17
8.7.1.16
8.7.1.13
8.7.1.11
8.7.1.1
8.7.1
8.6.1.5
8.6.1.2
8.6.1.17
8.6.1.14
8.6.1.13
8.6.1.12
8.6.1.10
8.6.1.1
8.6.1
8.5.1.7
8.5.1.6
8.5.1.24
8.5.1.21
8.5.1.19
See more versions on NVD
Product: Asa 1000v cloud firewall software 
Version: 8.7.1.1; 8.7.1;

CVSS2 => (AV:N/AC:M/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
8.5/10
10/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://blogs.cisco.com/security/shadow-brokers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp
http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip
https://zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.html

Related CVE
CVE-2018-0328
A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected ...
CVE-2018-0327
A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability i...
CVE-2018-0326
A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the affected software. The vulnerability is due to ins...
CVE-2018-0324
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of comma...
CVE-2018-0323
A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient va...
CVE-2018-0290
A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system. The vulnerability is due to faulty handling of new TCP connections to the a...
CVE-2018-0289
A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of requests stored in logs in the applica...
CVE-2018-0280
A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input va...

Copyright 2018, cxsecurity.com

 

Back to Top