Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2016-6367 |
CWE-ID | CWE-119 |
Exploitation vector | Local |
Public exploit | This vulnerability is being exploited in the wild. |
Vulnerable software |
Cisco ASA 5500 Hardware solutions / Security hardware applicances Cisco ASA 5500-X Series Hardware solutions / Security hardware applicances Cisco PIX Firewall Hardware solutions / Security hardware applicances |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU325
Risk: Medium
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2016-6367
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to cause denial of service or execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the command-line interface (CLI) parser. A local authenticated user can trigger buffer overflow and reload the affected device or execute arbitrary code on the target system.
Successful exploitation of this vulnerability will allow a local user to execute arbitrary code on vulnerable system.
The following models of CISCO ASA appliances are affected:
Note: this is a zero-day vulnerability, discovered after security breach of The Equation Group. The exploit code for this vulnerability was publicly exposed and is referred as EPICBANANA Exploit.
MitigationUpdate to Cisco ASA Software Releases 8.4.1 and later.
Vulnerable software versionsCisco ASA 5500: 7.2.5 - 8.4.x
Cisco ASA 5500-X Series: 8.6.x
Cisco PIX Firewall: All versions
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-cli
http://blogs.cisco.com/security/shadow-brokers
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.