SB2016081804 - Local buffer overflow in CLI parser in Cisco ASA Appliances

Description

This security bulletin contains information about 1 security vulnerability.

1) CLI parser buffer overflow (CVE-ID: CVE-2016-6367)

The vulnerability allows a local user to cause denial of service or execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the command-line interface (CLI) parser. A local authenticated user can trigger buffer overflow and reload the affected device or execute arbitrary code on the target system.

Successful exploitation of this vulnerability will allow a local user to execute arbitrary code on vulnerable system.

The following models of CISCO ASA appliances are affected:

• Cisco ASA 5500 Series Adaptive Security Appliances
• Cisco ASA 5500-X Series Next-Generation Firewalls
• Cisco PIX Firewalls
• Cisco Firewall Services Module (FWSM)

Note: this is a zero-day vulnerability, discovered after security breach of The Equation Group. The exploit code for this vulnerability was publicly exposed and is referred as EPICBANANA Exploit.

Remediation

Install update from vendor's website.

References

• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-cli
• https://blogs.cisco.com/security/shadow-brokers