Buffer overflow in Cisco Adaptive Security Appliance (ASA) - CVE-2016-6432
Published: October 19, 2016 / Updated: April 5, 2018
Vulnerability identifier: #VU1048
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-6432
CWE-ID: CWE-120
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Adaptive Security Appliance (ASA)
Cisco Adaptive Security Appliance (ASA)
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is caused by improper checking of the input. By returning a specially crafted NetBIOS packet via IPv4 in response to a NetBIOS probe sent by the target system, attackers can trigger a buffer overflow that lets execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
The weakness is caused by improper checking of the input. By returning a specially crafted NetBIOS packet via IPv4 in response to a NetBIOS probe sent by the target system, attackers can trigger a buffer overflow that lets execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
How to mitigate CVE-2016-6432
Update to version 9.0(4.42), 9.1(7.11), 9.2(4.17), 9.3(3.11), 9.4(3.11), 9.5(3.1), 9.6(2.1).