CVE-2016-6366
HIGH | CISA KEV | 8.8
Description
Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.
CVE Details
CVSS v3.1 Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 8/18/2016
Last Modified: 4/22/2026
Source: kev
Honeypot Observations: 0
CISA KEV
Vendor: Cisco
Product: Adaptive Security Appliance (ASA)
Vulnerability Name: Cisco Adaptive Security Appliance (ASA) SNMP Buffer Overflow Vulnerability
Date Added to KEV: 2022-05-24
Remediation Due Date: 2022-06-14
Used in Ransomware: Unknown
Affected Products
cisco:7604, cisco:7606-s, cisco:7609-s, cisco:7613-s, cisco:adaptive_security_appliance_software, cisco:asa_1000v_cloud_firewall_software, cisco:asa_5500, cisco:asa_5500-x, cisco:asa_5500_csc-ssm, cisco:asa_5505, cisco:asa_5506-x, cisco:asa_5506h-x, cisco:asa_5506w-x, cisco:asa_5508-x, cisco:asa_5510, cisco:asa_5512-x, cisco:asa_5515-x, cisco:asa_5516-x, cisco:asa_5520, cisco:asa_5525-x, cisco:asa_5540, cisco:asa_5545-x, cisco:asa_5550, cisco:asa_5555-x, cisco:asa_5580, cisco:asa_5585-x, cisco:catalyst_6500, cisco:catalyst_6500-e, cisco:catalyst_6503-e, cisco:catalyst_6504-e, cisco:catalyst_6506-e, cisco:catalyst_6509-e, cisco:catalyst_6509-neb-a, cisco:catalyst_6509-v-e, cisco:catalyst_6513, cisco:catalyst_6513-e, cisco:pix_firewall_501, cisco:pix_firewall_506, cisco:pix_firewall_506e, cisco:pix_firewall_515, cisco:pix_firewall_515e, cisco:pix_firewall_520, cisco:pix_firewall_525, cisco:pix_firewall_535, cisco:pix_firewall_software
Weaknesses (CWE)
CWE-120
References
http://blogs.cisco.com/security/shadow-brokers (psirt@cisco.com)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp (psirt@cisco.com)
http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516 (psirt@cisco.com)
http://www.securityfocus.com/bid/92521 (psirt@cisco.com)
http://www.securitytracker.com/id/1036637 (psirt@cisco.com)
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip (psirt@cisco.com)
https://www.exploit-db.com/exploits/40258/ (psirt@cisco.com)
http://blogs.cisco.com/security/shadow-brokers (af854a3a-2127-422b-91ae-364da2661108)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp (af854a3a-2127-422b-91ae-364da2661108)
http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/92521 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036637 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/40258/ (af854a3a-2127-422b-91ae-364da2661108)
https://zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-6366 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.