{"containers": {"cna": {"affected": [{"product": "Cisco Adaptive Security Appliance (ASA) 9.1(6.10)", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Adaptive Security Appliance (ASA) 9.1(6.10)"}]}], "datePublic": "2016-11-18T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. More Information: CSCva38556. Known Affected Releases: 9.1(6.10). Known Fixed Releases: 100.11(0.75) 100.15(0.137) 100.8(40.129) 96.2(0.95) 97.1(0.55) 97.1(12.7) 97.1(6.30)."}], "problemTypes": [{"descriptions": [{"description": "unspecified", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-27T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa"}, {"name": "94365", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94365"}, {"name": "1037306", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037306"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-6461", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Adaptive Security Appliance (ASA) 9.1(6.10)", "version": {"version_data": [{"version_value": "Cisco Adaptive Security Appliance (ASA) 9.1(6.10)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. More Information: CSCva38556. Known Affected Releases: 9.1(6.10). Known Fixed Releases: 100.11(0.75) 100.15(0.137) 100.8(40.129) 96.2(0.95) 97.1(0.55) 97.1(12.7) 97.1(6.30)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "unspecified"}]}]}, "references": {"reference_data": [{"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa"}, {"name": "94365", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94365"}, {"name": "1037306", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037306"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:29:20.025Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa"}, {"name": "94365", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94365"}, {"name": "1037306", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037306"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-6461", "datePublished": "2016-11-19T02:45:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:20.025Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\\(7\\)4:*:*:*:*:*:*:*", "matchCriteriaId": "07BC9E2D-0B86-4A82-8CB4-A31FFBF322CE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\\(7\\)7:*:*:*:*:*:*:*", "matchCriteriaId": "C6887033-E697-47D0-B6E0-61B64E9D3AC8", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\\(7\\)9:*:*:*:*:*:*:*", "matchCriteriaId": "B4C1AB6D-F2C5-4726-8792-581E8DCB9EB6", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\\(7\\)11:*:*:*:*:*:*:*", "matchCriteriaId": "BEA1216C-903C-469D-8615-ECFB3AA29BC9", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\\(7\\)12:*:*:*:*:*:*:*", "matchCriteriaId": "0707169B-34B9-4666-8EBD-F5967059D6AC", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "1EF48794-2E5D-4BE0-9BB5-49ADE34F4A82", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2\\(0.0\\):*:*:*:*:*:*:*", "matchCriteriaId": "A3A13A9C-5387-4670-8E20-FE878946D091", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2\\(0.104\\):*:*:*:*:*:*:*", "matchCriteriaId": "9F7C7DA3-C24B-41BB-BDBE-7DC58EEAC4F8", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2\\(3.1\\):*:*:*:*:*:*:*", "matchCriteriaId": "AFC39DA3-8171-4344-A946-7965873C56F3", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F9C31567-8AEB-49C6-AA60-4150411D62AA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "CA140CB2-C17C-4164-A59A-8585906057BA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "468D98A7-92D5-4C01-9EDD-CB44B85EA6BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7BAAC9FE-CCF0-4385-B5E9-FC424CD3EFD5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "5C9DEB1C-F9B9-4291-92B5-8EEEADC57E51", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "39330218-32FA-42FF-B5CA-288B7D140304", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A92D7CED-D036-414B-B9EB-DCAF7F425A7D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4AAAB02-140D-46F2-A315-5791BF5A853F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "2EB02DBE-6D60-4D0E-8E9D-7611C3C32748", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "9A2F3C77-89CD-4990-98FA-E896079B6C87", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "F5D03293-9765-46DB-B53D-1B23D5C14373", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "0286DAF0-FACA-4F94-82E9-EAED8750DB7C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "25E77826-1208-4582-A94C-242B601BD456", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "DD617A59-2A4C-4264-BB5D-0126EF292079", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "F5B9FC85-13B8-488C-80C4-C29C0E244601", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "A2E7582A-835E-4A84-B197-EB40EE7985C9", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(1.50\\):*:*:*:*:*:*:*", "matchCriteriaId": "1E044883-9952-477A-B2AA-3E0BB90C96A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(1.105\\):*:*:*:*:*:*:*", "matchCriteriaId": "2E26A1B0-D61C-4A25-8E10-02A2E3E7A02B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(2.100\\):*:*:*:*:*:*:*", "matchCriteriaId": "6F4A28B7-87A2-464A-92A8-644E3F7D13D7", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(2.243\\):*:*:*:*:*:*:*", "matchCriteriaId": "8D83ED80-972A-4548-9AB0-10F9A23DF749", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "26D99395-D18D-458E-9880-19B7767F69D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E4CE047-3FEF-4A72-AD06-EC77D71EBCD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "ED33F68A-9EB0-416A-A0A5-0DF2C349FFEE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "7F7DD812-DC72-4816-8B0F-361C32B2CD2F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "EC41D4CD-D5EA-4678-B3AA-962C7C937118", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "996C9552-5743-4639-A077-5B057605DF21", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "A5779CE0-7691-47DA-902C-4D32D6650C9D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "0C69BE69-7C19-4ED3-98D3-04B1D41E56FE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "E7D12EFD-71D6-480E-97D5-278CCE4A7118", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "56AE55AB-8170-4E3A-AF89-A8F79599901A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "8B10653A-0E7C-4014-825D-76B5B438D378", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "77642A96-EF7F-4138-97BC-B3793EE0FB52", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "AFE9F46B-DD74-4295-BB6A-9239E29F4416", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.0.115:*:*:*:*:*:*:*", "matchCriteriaId": "F8F53875-D589-4C34-B863-67AC9945BED8", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "8870EB6E-DAE9-45F9-BBA5-2D20E5E00F83", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8B313B0E-4200-427F-A156-1EDA681F439D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8C49821-3BA5-4B44-84F5-113024FD030F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2011F264-53A5-4507-843B-46F66D285ADB", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "290AA0BD-EDB0-4BA4-BF85-9CF29A1B7908", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "73FB7BAF-7B3E-4091-A90B-FB19B38FFE74", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6D2DA09B-CFBA-4FDE-A6D0-7C2CF202D72B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "2BE2EE9B-D44E-430D-8469-1DF0ADC322B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BC6B45EB-97BB-4683-9092-95E560B2585F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "8D3AA854-0F4D-4B08-A249-B3C19C056D7B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "66E55E46-01F5-4C0D-8A69-1BBC590188BD", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "D96BCCA3-958D-41C4-98CE-1A333F9667A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "245E680B-7A2D-4F98-9D59-6ECF70FE882B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "9C78E5C3-4D0D-4DFD-AA91-93DD58B195F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "F831FD5A-1D54-4DFA-9AED-C3F2CBCE4069", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E29F95F5-6957-46F0-A0A2-CCACBBA14F90", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4D9EFD6D-A657-4102-982D-7634AC25E75E", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "59593836-990A-4CF1-AFBC-516C4A318641", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "5479676D-6B3F-4154-B0D4-D2C81E6C941F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "F062A64B-7184-49C6-BDF5-8A413B0A85F0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. More Information: CSCva38556. Known Affected Releases: 9.1(6.10). Known Fixed Releases: 100.11(0.75) 100.15(0.137) 100.8(40.129) 96.2(0.95) 97.1(0.55) 97.1(12.7) 97.1(6.30)."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de gesti\u00f3n basada en web HTTP de el Cisco Adaptive Security Appliance (ASA) podr\u00eda permitir a un atacante remoto no autenticado, inyectar comandos XML arbitrarios en el sistema afectado. M\u00e1s informaci\u00f3n: CSCva38556. Lanzamientos conocidos afectados: 9.1(6.10). Lanzamientos conocidos solucionados 100.11(0.75) 100.15(0.137) 100.8(40.129) 96.2(0.95) 97.1(0.55) 97.1(12.7) 97.1(6.30)."}], "id": "CVE-2016-6461", "lastModified": "2024-11-21T02:56:10.633", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-11-19T03:03:04.570", "references": [{"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/94365"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1037306"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/94365"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037306"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}