CVE-2016-6366 - Vulnerability Details

Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since May 24, 2022.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Cisco	7604 7606-s 7609-s 7613-s Adaptive Security Appliance Software Asa 1000v Cloud Firewall Software Asa 5500 Asa 5500-x Asa 5500 Csc-ssm Asa 5505 Asa 5506-x Asa 5506h-x Asa 5506w-x Asa 5508-x Asa 5510 Asa 5512-x Asa 5515-x Asa 5516-x Asa 5520 Asa 5525-x Asa 5540 Asa 5545-x Asa 5550 Asa 5555-x Asa 5580 Asa 5585-x Catalyst 6500 Catalyst 6500-e Catalyst 6503-e Catalyst 6504-e Catalyst 6506-e Catalyst 6509-e Catalyst 6509-neb-a Catalyst 6509-v-e Catalyst 6513 Catalyst 6513-e Pix Firewall 501 Pix Firewall 506 Pix Firewall 506e Pix Firewall 515 Pix Firewall 515e Pix Firewall 520 Pix Firewall 525 Pix Firewall 535 Pix Firewall Software

Configuration 1 [-]

AND

cpe:2.3:o:cisco:pix_firewall_software:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:pix_firewall_501:-:::::::*
	cpe:2.3:h:cisco:pix_firewall_506:-:::::::*
	cpe:2.3:h:cisco:pix_firewall_506e:-:::::::*
	cpe:2.3:h:cisco:pix_firewall_515:-:::::::*
	cpe:2.3:h:cisco:pix_firewall_515e:-:::::::*
	cpe:2.3:h:cisco:pix_firewall_520:-:::::::*
	cpe:2.3:h:cisco:pix_firewall_525:-:::::::*
	cpe:2.3:h:cisco:pix_firewall_535:-:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::

OR	cpe:2.3:h:cisco:7604:-:::::::*
	cpe:2.3:h:cisco:7606-s:-:::::::*
	cpe:2.3:h:cisco:7609-s:-:::::::*
	cpe:2.3:h:cisco:7613-s:-:::::::*
	cpe:2.3:h:cisco:asa_5500:-:::::::*
	cpe:2.3:h:cisco:asa_5500-x:-:::::::*
	cpe:2.3:h:cisco:asa_5500_csc-ssm:-:::::::*
	cpe:2.3:h:cisco:asa_5505:-:::::::*
	cpe:2.3:h:cisco:asa_5506-x:-:::::::*
	cpe:2.3:h:cisco:asa_5506h-x:-:::::::*
	cpe:2.3:h:cisco:asa_5506w-x:-:::::::*
	cpe:2.3:h:cisco:asa_5508-x:-:::::::*
	cpe:2.3:h:cisco:asa_5510:-:::::::*
	cpe:2.3:h:cisco:asa_5512-x:-:::::::*
	cpe:2.3:h:cisco:asa_5515-x:-:::::::*
	cpe:2.3:h:cisco:asa_5516-x:-:::::::*
	cpe:2.3:h:cisco:asa_5520:-:::::::*
	cpe:2.3:h:cisco:asa_5525-x:-:::::::*
	cpe:2.3:h:cisco:asa_5540:-:::::::*
	cpe:2.3:h:cisco:asa_5545-x:-:::::::*
	cpe:2.3:h:cisco:asa_5550:-:::::::*
	cpe:2.3:h:cisco:asa_5555-x:-:::::::*
	cpe:2.3:h:cisco:asa_5580:-:::::::*
	cpe:2.3:h:cisco:asa_5585-x:-:::::::*
	cpe:2.3:h:cisco:catalyst_6500:-:::::::*
	cpe:2.3:h:cisco:catalyst_6500-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_6503-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_6504-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_6506-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_6509-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_6509-neb-a:-:::::::*
	cpe:2.3:h:cisco:catalyst_6509-v-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_6513:-:::::::*
	cpe:2.3:h:cisco:catalyst_6513-e:-:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:cisco:asa_1000v_cloud_firewall_software:8.7.1:::::::*
	cpe:2.3:o:cisco:asa_1000v_cloud_firewall_software:8.7.1.1:::::::*

No data.

References

Link	Providers
http://blogs.cisco.com/security/shadow-brokers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp
http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516
http://www.securityfocus.com/bid/92521
http://www.securitytracker.com/id/1036637
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip
https://www.exploit-db.com/exploits/40258/
https://zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.html

History

Fri, 15 Nov 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-05-24'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2016-08-18T18:00:00

Updated: 2024-11-15T18:02:26.862Z

Reserved: 2016-07-26T00:00:00

Link: CVE-2016-6366

Vulnrichment

Updated: 2024-08-06T01:29:19.884Z

NVD

Status : Deferred

Published: 2016-08-18T18:59:00.117

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-6366

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-08-17T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T20:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "92521", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92521"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blogs.cisco.com/security/shadow-brokers"}, {"name": "20160817 Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516"}, {"tags": ["x_refsource_MISC"], "url": "https://zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.html"}, {"name": "40258", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/40258/"}, {"name": "1036637", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036637"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-6366", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "92521", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92521"}, {"name": "https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip", "refsource": "MISC", "url": "https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip"}, {"name": "http://blogs.cisco.com/security/shadow-brokers", "refsource": "CONFIRM", "url": "http://blogs.cisco.com/security/shadow-brokers"}, {"name": "20160817 Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp"}, {"name": "http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516", "refsource": "CONFIRM", "url": "http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516"}, {"name": "https://zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.html", "refsource": "MISC", "url": "https://zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.html"}, {"name": "40258", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40258/"}, {"name": "1036637", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036637"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:29:19.884Z"}, "title": "CVE Program Container", "references": [{"name": "92521", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/92521"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://blogs.cisco.com/security/shadow-brokers"}, {"name": "20160817 Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.html"}, {"name": "40258", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/40258/"}, {"name": "1036637", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036637"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-08T17:39:13.881330Z", "id": "CVE-2016-6366", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-05-24", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-6366"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T18:02:26.862Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-6366", "datePublished": "2016-08-18T18:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-11-15T18:02:26.862Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.securityfocus.com/bid/92521", "name": "92521", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://blogs.cisco.com/security/shadow-brokers", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp", "name": "20160817 Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}, {"url": "http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/40258/", "name": "40258", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}, {"url": "http://www.securitytracker.com/id/1036637", "name": "1036637", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:29:19.884Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2016-6366", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-08T17:39:13.881330Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-05-24", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-6366"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-08T16:07:22.510Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-08-17T00:00:00", "references": [{"url": "http://www.securityfocus.com/bid/92521", "name": "92521", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip", "tags": ["x_refsource_MISC"]}, {"url": "http://blogs.cisco.com/security/shadow-brokers", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp", "name": "20160817 Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"]}, {"url": "http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.html", "tags": ["x_refsource_MISC"]}, {"url": "https://www.exploit-db.com/exploits/40258/", "name": "40258", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}, {"url": "http://www.securitytracker.com/id/1036637", "name": "1036637", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2016-11-25T20:57:01"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/92521", "name": "92521", "refsource": "BID"}, {"url": "https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip", "name": "https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip", "refsource": "MISC"}, {"url": "http://blogs.cisco.com/security/shadow-brokers", "name": "http://blogs.cisco.com/security/shadow-brokers", "refsource": "CONFIRM"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp", "name": "20160817 Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability", "refsource": "CISCO"}, {"url": "http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516", "name": "http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516", "refsource": "CONFIRM"}, {"url": "https://zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.html", "name": "https://zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.html", "refsource": "MISC"}, {"url": "https://www.exploit-db.com/exploits/40258/", "name": "40258", "refsource": "EXPLOIT-DB"}, {"url": "http://www.securitytracker.com/id/1036637", "name": "1036637", "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-6366", "STATE": "PUBLIC", "ASSIGNER": "psirt@cisco.com"}}}}, "cveMetadata": {"cveId": "CVE-2016-6366", "state": "PUBLISHED", "dateUpdated": "2024-11-15T18:02:26.862Z", "dateReserved": "2016-07-26T00:00:00", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2016-08-18T18:00:00", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-06-14", "cisaExploitAdd": "2022-05-24", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Cisco Adaptive Security Appliance (ASA) SNMP Buffer Overflow Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:pix_firewall_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "9178BC88-B81B-4F0C-879D-31D9C204F7E8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:pix_firewall_501:-:*:*:*:*:*:*:*", "matchCriteriaId": "93103865-C140-4C93-9A7F-6EEF25958736", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:pix_firewall_506:-:*:*:*:*:*:*:*", "matchCriteriaId": "32283245-33A1-41E2-B8CD-CFC2459F840B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:pix_firewall_506e:-:*:*:*:*:*:*:*", "matchCriteriaId": "107A6891-05FF-4812-B113-96247EDE136F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:pix_firewall_515:-:*:*:*:*:*:*:*", "matchCriteriaId": "A35FF15C-5E02-4AD1-A4E6-E40E93A9F8F5", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:pix_firewall_515e:-:*:*:*:*:*:*:*", "matchCriteriaId": "008185AD-BF4E-49ED-B3A8-FDA7F82D94E3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:pix_firewall_520:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1D1DB6E-2C3C-4844-A76E-D679735BC150", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:pix_firewall_525:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7181264-0852-4637-A9C0-86CD3BB978AC", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:pix_firewall_535:-:*:*:*:*:*:*:*", "matchCriteriaId": "488BE38C-6F9C-4652-92A5-F3626DBEE093", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "F95FC8FC-52B2-4A7D-A0CB-2DDB2BE48F8B", "versionEndExcluding": "9.0.4.40", "versionStartIncluding": "7.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D7DE2BB-3ABB-49FB-8798-37A356839C6B", "versionEndExcluding": "9.1.7\\(9\\)", "versionStartIncluding": "9.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB701E10-57D0-4C9A-8FB7-5A27A4C9D9F0", "versionEndExcluding": "9.2.4\\(14\\)", "versionStartIncluding": "9.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "186B85FF-97E6-45C2-ABD0-DBB9C6981EEA", "versionEndExcluding": "9.3.3\\(10\\)", "versionStartIncluding": "9.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "59EB3383-005B-443E-A65A-798497D3E750", "versionEndExcluding": "9.4.3\\(8\\)", "versionStartIncluding": "9.4.0.115", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C69FA5A-EC00-4BAF-8EA4-AEE473DD299B", "versionEndIncluding": "9.5\\(3\\)", "versionStartIncluding": "9.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "88B1C470-34BE-4D69-9DF1-0C30866B9498", "versionEndExcluding": "9.6.1\\(11\\)", "versionStartIncluding": "9.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:7604:-:*:*:*:*:*:*:*", "matchCriteriaId": "65973B50-2AA1-4B83-925A-8DB2D4720ADB", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:7606-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "25DD80A8-F664-4C30-A89F-C2299CCACB7E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:7609-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "385DBA44-E84B-4752-8E8E-170EF13784D7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:7613-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1E30F72-0218-496D-BFAD-CED0AAC5E58E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asa_5500:-:*:*:*:*:*:*:*", "matchCriteriaId": "7018906A-ACDF-4D7B-B816-ED9C235BF04E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asa_5500-x:-:*:*:*:*:*:*:*", "matchCriteriaId": "E10D97EB-51C4-4904-ABBA-5FCDC9B6D062", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asa_5500_csc-ssm:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD44DFA7-9D3E-4158-9551-A698344F9022", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asa_5505:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E6A8BB7-2000-4CA2-9DD7-89573CE4C73A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asa_5506-x:-:*:*:*:*:*:*:*", "matchCriteriaId": "763B801D-CA1E-4C56-8B06-3373EA307C7E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asa_5506h-x:-:*:*:*:*:*:*:*", "matchCriteriaId": "30AC6907-3091-409F-967D-64A82A0C5A8C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asa_5506w-x:-:*:*:*:*:*:*:*", "matchCriteriaId": "D11AF728-8EB0-45EB-A7DD-F2D52B3BB7B8", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asa_5508-x:-:*:*:*:*:*:*:*", "matchCriteriaId": "92AE506A-E710-465B-B795-470FDE0E0ECA", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asa_5510:-:*:*:*:*:*:*:*", "matchCriteriaId": "B091B9BA-D4CA-435B-8D66-602B45F0E0BD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*", "matchCriteriaId": "08F0F160-DAD2-48D4-B7B2-4818B2526F35", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*", "matchCriteriaId": "977D597B-F6DE-4438-AB02-06BE64D71EBE", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asa_5516-x:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E07AF10-FFB2-4AC7-BBE7-199C3EFED81F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asa_5520:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B387F62-6341-434D-903F-9B72E7F84ECB", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB71EB29-0115-4307-A9F7-262394FD9FB0", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asa_5540:-:*:*:*:*:*:*:*", "matchCriteriaId": "17C5A524-E1D9-480F-B655-0680AA5BF720", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*", "matchCriteriaId": "57179F60-E330-4FF0-9664-B1E4637FF210", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asa_5550:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6287D95-F564-44B7-A0F9-91396D7C2C4E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*", "matchCriteriaId": "5535C936-391B-4619-AA03-B35265FC15D7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1E828B8-5ECC-4A09-B2AD-DEDC558713DE", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*", "matchCriteriaId": "16AE20C2-C77E-4E04-BF13-A48696E52426", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6500:-:*:*:*:*:*:*:*", "matchCriteriaId": "DEFBFA86-64F2-4CB0-99E1-FAEFCA690FF8", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6500-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "15B48565-92C7-4AE1-AE3A-6FF7DD010745", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6503-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "F202892E-2E58-4D77-B983-38AFA51CDBC6", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6504-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F57DF3E-4069-4EF0-917E-84CDDFCEBEEF", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6506-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BE25114-ABBC-47A0-9C20-E8D40D721313", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6509-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "FADD5F49-2817-40EC-861C-C922825708BD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6509-neb-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "E628F9C4-98C6-4A95-AF81-F1E6A56E8648", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6509-v-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "4AFF899C-1EB3-46D8-9003-EA36A68C90B3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6513:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6463491-F63E-44CB-A1D4-C029BE7D3D3D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6513-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8668D34-096B-4FC3-B9B1-0ECFD6265778", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_1000v_cloud_firewall_software:8.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "D04D15E5-EB98-4A87-AAD5-BC7E553E4EA1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_1000v_cloud_firewall_software:8.7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "84BBCF6D-5529-4D7F-A32D-4C1C03139819", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en Cisco Adaptive Security Applicance (ASA) Software hasta la versi\u00f3n 9.4.2.3 en dispositivos ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX y FWSM permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de paquetes IPv4 SNMP manipulados, tambi\u00e9n conocido como Bug ID CSCva92151 o EXTRABACON."}], "id": "CVE-2016-6366", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-08-18T18:59:00.117", "references": [{"source": "psirt@cisco.com", "tags": ["Exploit", "Press/Media Coverage", "Vendor Advisory"], "url": "http://blogs.cisco.com/security/shadow-brokers"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516"}, {"source": "psirt@cisco.com", "tags": ["Broken Link", "Not Applicable", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/92521"}, {"source": "psirt@cisco.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1036637"}, {"source": "psirt@cisco.com", "tags": ["Broken Link", "Exploit"], "url": "https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip"}, {"source": "psirt@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/40258/"}, {"source": "psirt@cisco.com", "tags": ["Exploit", "Technical Description"], "url": "https://zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Press/Media Coverage", "Vendor Advisory"], "url": "http://blogs.cisco.com/security/shadow-brokers"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Not Applicable", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/92521"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1036637"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Exploit"], "url": "https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/40258/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description"], "url": "https://zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.html"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object