Details of VAR-201608-0222

ID

VAR-201608-0222

CVE

CVE-2016-6366

TITLE

Cisco Adaptive Security Appliance Software Remote Code Execution Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-06432 // CNNVD: CNNVD-201608-012

DESCRIPTION

Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON. Bug ID CSCva92151 or EXTRABACON It is published as.A remote authenticated user may be able to exploit IPv4 SNMP Arbitrary code may be executed via packets. The CiscoASA5500 Series Adaptive Security Appliance is a modular platform for providing security and VPN services with firewall, IPS, anti-X and VPN services. A remote code execution vulnerability exists in the SNMP code for CiscoAdaptiveSecurityAppliance(ASA)Software. Cisco Adaptive Security Appliance products are prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. This issue being tracked by Cisco Bug ID CSCva92151

Trust: 2.61

sources: NVD: CVE-2016-6366 // JVNDB: JVNDB-2016-004414 // CNVD: CNVD-2016-06432 // BID: 92521 // VULHUB: VHN-95186 // VULMON: CVE-2016-6366

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-06432

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.3.3\(10\)	Trust: 1.0
vendor:	cisco	model:	pix firewall software	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.4.3\(8\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lte	version:	9.5\(3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.2.4\(14\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	7.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.3.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.1.7\(9\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.4.0.115	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.0.4.40	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.6.1\(11\)	Trust: 1.0
vendor:	cisco	model:	asa 1000v cloud firewall software	scope:	eq	version:	8.7.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.6.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.2.0	Trust: 1.0
vendor:	cisco	model:	asa 1000v cloud firewall software	scope:	eq	version:	8.7.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.5.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco asa 1000v クラウドファイアウォールソフトウェア	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower services for asa	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower threat defense ソフトウェア	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco pix firewall ソフトウェア	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco adaptive security appliance ソフトウェア	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firewall services module	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	asa series next-generation firewalls	scope:	eq	version:	5500-x	Trust: 0.6
vendor:	cisco	model:	adaptive security virtual appliance	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	firepower asa security module	scope:	eq	version:	9300	Trust: 0.6
vendor:	cisco	model:	pix firewalls	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	industrial security appliance	scope:	eq	version:	3000	Trust: 0.6
vendor:	cisco	model:	firepower threat defense software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	firepower series	scope:	eq	version:	4100	Trust: 0.6
vendor:	cisco	model:	asa cloud firewall	scope:	eq	version:	1000v	Trust: 0.6
vendor:	cisco	model:	asa services module for cisco series routers	scope:	eq	version:	7600	Trust: 0.6
vendor:	cisco	model:	asa services module for cisco catalyst series switches	scope:	eq	version:	6500	Trust: 0.6
vendor:	cisco	model:	asa series adaptive security appliances	scope:	eq	version:	5500	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5.1.19	Trust: 0.6
vendor:	cisco	model:	firepower services software for asa	scope:	eq	version:	5.4.1.1	Trust: 0.6
vendor:	cisco	model:	firepower services software for asa	scope:	eq	version:	5.4.0	Trust: 0.6
vendor:	cisco	model:	firepower services software for asa	scope:	eq	version:	5.4.1.7	Trust: 0.6
vendor:	cisco	model:	firepower services software for asa	scope:	eq	version:	5.4.1.4	Trust: 0.6
vendor:	cisco	model:	firepower services software for asa	scope:	eq	version:	5.4.1.2	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.7.9	Trust: 0.6
vendor:	cisco	model:	firepower services software for asa	scope:	eq	version:	5.4.1.3	Trust: 0.6
vendor:	cisco	model:	firepower services software for asa	scope:	eq	version:	5.4.1.6	Trust: 0.6
vendor:	cisco	model:	firepower services software for asa	scope:	eq	version:	5.4.1.5	Trust: 0.6
vendor:	cisco	model:	pix firewalls	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	firepower asa security module	scope:	eq	version:	93000	Trust: 0.3
vendor:	cisco	model:	asa services module for cisco catalyst series switches	scope:	eq	version:	65000	Trust: 0.3
vendor:	cisco	model:	asa series next-generation firewalls	scope:	eq	version:	5500-x0	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliances	scope:	eq	version:	55000	Trust: 0.3
vendor:	cisco	model:	asa cloud firewall	scope:	eq	version:	1000v0	Trust: 0.3
vendor:	cisco	model:	adaptive security virtual appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	series routers	scope:	eq	version:	76000	Trust: 0.3

sources: CNVD: CNVD-2016-06432 // BID: 92521 // JVNDB: JVNDB-2016-004414 // CNNVD: CNNVD-201608-012 // NVD: CVE-2016-6366

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-6366
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-6366
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-06432
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201608-012
value:	HIGH
Trust: 0.6
VULHUB:	VHN-95186
value:	HIGH
Trust: 0.1
VULMON:	CVE-2016-6366
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-6366
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2016-06432
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-95186
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-6366
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2016-6366
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2016-06432 // VULHUB: VHN-95186 // VULMON: CVE-2016-6366 // JVNDB: JVNDB-2016-004414 // CNNVD: CNNVD-201608-012 // NVD: CVE-2016-6366

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-119	Trust: 0.1

sources: VULHUB: VHN-95186 // JVNDB: JVNDB-2016-004414 // NVD: CVE-2016-6366

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-012

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201608-012

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-95186 // VULMON: CVE-2016-6366

PATCH

title:	cisco-sa-20160817-asa-snmp	url:	http://blogs.cisco.com/security/shadow-brokers	Trust: 0.8
title:	Patch for CiscoAdaptiveSecurityApplianceSoftware Remote Code Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/80568	Trust: 0.6
title:	Cisco Adaptive Security Appliance Software Fixes for remote code execution vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63641	Trust: 0.6
title:	Cisco: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20160817-asa-snmp	Trust: 0.1
title:	https://github.com/RoyeeW/pentest-wiki	url:	https://github.com/RoyeeW/pentest-wiki	Trust: 0.1
title:	MS17-010	url:	https://github.com/pythonone/MS17-010	Trust: 0.1
title:	CVE-2016-6366	url:	https://github.com/RiskSense-Ops/CVE-2016-6366	Trust: 0.1
title:	https://github.com/nixawk/pentest-wiki	url:	https://github.com/nixawk/pentest-wiki	Trust: 0.1
title:	https://github.com/erSubhashThapa/pentestwiki	url:	https://github.com/erSubhashThapa/pentestwiki	Trust: 0.1
title:	https://github.com/zerosum0x0-archive/archive	url:	https://github.com/zerosum0x0-archive/archive	Trust: 0.1
title:	VPN arsenal	url:	https://github.com/0x90/vpn-arsenal	Trust: 0.1
title:	Awesome Scapy	url:	https://github.com/gpotter2/awesome-scapy	Trust: 0.1
title:	Awesome Scapy	url:	https://github.com/secdev/awesome-scapy	Trust: 0.1
title:	TOP Table of Contents Donation	url:	https://github.com/JERRY123S/all-poc	Trust: 0.1
title:	TOP Table of Contents Donation	url:	https://github.com/hktalent/TOP	Trust: 0.1
title:	Table of Contents	url:	https://github.com/CVEDB/top	Trust: 0.1
title:	Table of Contents	url:	https://github.com/CVEDB/awesome-cve-repo	Trust: 0.1
title:	TOP Table of Contents Donation	url:	https://github.com/weeka10/-hktalent-TOP	Trust: 0.1
title:	TOP Table of Contents Donation	url:	https://github.com/cyberanand1337x/bug-bounty-2022	Trust: 0.1
title:	Known Exploited Vulnerabilities Detector	url:	https://github.com/Ostorlab/KEV	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cisco-begins-patching-equation-group-asa-zero-day/120124/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/leaked-shadowbrokers-attack-upgraded-to-target-current-versions-of-cisco-asa/120102/	Trust: 0.1

sources: CNVD: CNVD-2016-06432 // VULMON: CVE-2016-6366 // JVNDB: JVNDB-2016-004414 // CNNVD: CNNVD-201608-012

EXTERNAL IDS

db:	NVD	id:	CVE-2016-6366	Trust: 4.3
db:	BID	id:	92521	Trust: 2.1
db:	SECTRACK	id:	1036637	Trust: 1.2
db:	EXPLOIT-DB	id:	40258	Trust: 1.2
db:	JVNDB	id:	JVNDB-2016-004414	Trust: 0.8
db:	CNNVD	id:	CNNVD-201608-012	Trust: 0.7
db:	CNVD	id:	CNVD-2016-06432	Trust: 0.6
db:	VULHUB	id:	VHN-95186	Trust: 0.1
db:	VULMON	id:	CVE-2016-6366	Trust: 0.1

sources: CNVD: CNVD-2016-06432 // VULHUB: VHN-95186 // VULMON: CVE-2016-6366 // BID: 92521 // JVNDB: JVNDB-2016-004414 // CNNVD: CNNVD-201608-012 // NVD: CVE-2016-6366

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160817-asa-snmp	Trust: 2.8
url:	http://blogs.cisco.com/security/shadow-brokers	Trust: 2.1
url:	http://tools.cisco.com/security/center/viewerp.x?alertid=erp-56516	Trust: 1.8
url:	http://www.securityfocus.com/bid/92521	Trust: 1.3
url:	https://www.exploit-db.com/exploits/40258/	Trust: 1.3
url:	https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip	Trust: 1.2
url:	https://zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.html	Trust: 1.2
url:	http://www.securitytracker.com/id/1036637	Trust: 1.2
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6366	Trust: 0.8
url:	https://cisa.gov/known-exploited-vulnerabilities-catalog	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://github.com/royeew/pentest-wiki	Trust: 0.1
url:	https://github.com/pythonone/ms17-010	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2016-06432 // VULHUB: VHN-95186 // VULMON: CVE-2016-6366 // BID: 92521 // JVNDB: JVNDB-2016-004414 // CNNVD: CNNVD-201608-012 // NVD: CVE-2016-6366

CREDITS

Shadow Brokers group

Trust: 0.6

sources: CNNVD: CNNVD-201608-012

SOURCES

db:	CNVD	id:	CNVD-2016-06432
db:	VULHUB	id:	VHN-95186
db:	VULMON	id:	CVE-2016-6366
db:	BID	id:	92521
db:	JVNDB	id:	JVNDB-2016-004414
db:	CNNVD	id:	CNNVD-201608-012
db:	NVD	id:	CVE-2016-6366

LAST UPDATE DATE

2024-11-23T22:59:28.010000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-06432	date:	2016-08-19T00:00:00
db:	VULHUB	id:	VHN-95186	date:	2016-11-28T00:00:00
db:	VULMON	id:	CVE-2016-6366	date:	2023-08-15T00:00:00
db:	BID	id:	92521	date:	2016-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2016-004414	date:	2024-07-08T04:48:00
db:	CNNVD	id:	CNNVD-201608-012	date:	2016-08-19T00:00:00
db:	NVD	id:	CVE-2016-6366	date:	2024-11-21T02:55:59.330

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-06432	date:	2016-08-22T00:00:00
db:	VULHUB	id:	VHN-95186	date:	2016-08-18T00:00:00
db:	VULMON	id:	CVE-2016-6366	date:	2016-08-18T00:00:00
db:	BID	id:	92521	date:	2016-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2016-004414	date:	2016-08-22T00:00:00
db:	CNNVD	id:	CNNVD-201608-012	date:	2016-08-18T00:00:00
db:	NVD	id:	CVE-2016-6366	date:	2016-08-18T18:59:00.117