Main Vulnerability Database Vulnerabilities #VU325

CLI parser buffer overflow in Cisco Systems, Inc products - CVE-2016-6367

Published: August 18, 2016 / Updated: May 24, 2022

Vulnerability identifier: #VU325

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green

CVE-ID: CVE-2016-6367

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: The vulnerability is being exploited in the wild

Vendor: Cisco Systems, Inc

Affected software:
Cisco ASA 5500
Cisco ASA 5500-X Series
Cisco PIX Firewall

Detailed vulnerability description

The vulnerability allows a local user to cause denial of service or execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the command-line interface (CLI) parser. A local authenticated user can trigger buffer overflow and reload the affected device or execute arbitrary code on the target system.

Successful exploitation of this vulnerability will allow a local user to execute arbitrary code on vulnerable system.

The following models of CISCO ASA appliances are affected:

Cisco ASA 5500 Series Adaptive Security Appliances
Cisco ASA 5500-X Series Next-Generation Firewalls
Cisco PIX Firewalls
Cisco Firewall Services Module (FWSM)

Note: this is a zero-day vulnerability, discovered after security breach of The Equation Group. The exploit code for this vulnerability was publicly exposed and is referred as EPICBANANA Exploit.

How to mitigate CVE-2016-6367

Update to Cisco ASA Software Releases 8.4.1 and later.

CLI parser buffer overflow in Cisco Systems, Inc products - CVE-2016-6367

Detailed vulnerability description

How to mitigate CVE-2016-6367

Sources

Please verify you're human