#VU325 CLI parser buffer overflow in Cisco Systems, Inc products - CVE-2016-6367 

 


Published: August 18, 2016 / Updated: May 24, 2022


Vulnerability identifier: #VU325
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2016-6367
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability: The vulnerability is being exploited in the wild
Vulnerable software:
Cisco ASA 5500
Cisco ASA 5500-X Series
Cisco PIX Firewall
Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a local user to cause denial of service or execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the command-line interface (CLI) parser. A local authenticated user can trigger a buffer overflow and reload the affected device or execute arbitrary code on the target system.

Successful exploitation of this vulnerability will allow a local user to execute arbitrary code on the vulnerable system.

The following models of Cisco ASA appliances are affected:

  • Cisco ASA 5500 Series Adaptive Security Appliances
  • Cisco ASA 5500-X Series Next-Generation Firewalls
  • Cisco PIX Firewalls
  • Cisco Firewall Services Module (FWSM)

Note: this is a zero-day vulnerability, discovered after the security breach of the Equation Group. The exploit code for this vulnerability was publicly exposed and is referred to as the EPICBANANA exploit.


Remediation

Update to Cisco ASA Software Release 8.4.1 or later.
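
To check a fleet against the fixed release above, the following added example (not part of the advisory or any Cisco tooling) parses saved `show version` output and classifies each device. It assumes the standard ASA banner line "Cisco Adaptive Security Appliance Software Version X.Y(Z)N"; the hostnames and sample outputs are constructed.

```python
import re

# Fixed release taken from the Remediation section (8.4.1), as
# (major, minor, maintenance, interim).
FIXED = (8, 4, 1, 0)

# ASA banner line from `show version`, e.g.
# "Cisco Adaptive Security Appliance Software Version 8.2(5)33".
_BANNER = re.compile(
    r"Adaptive Security Appliance Software Version\s+"
    r"(\d+)\.(\d+)(?:\((\d+)\)(\d+)?|\.(\d+))?"
)

def parse_asa_version(show_version_text):
    """Return (major, minor, maintenance, interim), or None if no ASA banner is found."""
    m = _BANNER.search(show_version_text)
    if not m:
        return None
    major, minor, maint_paren, interim, maint_dot = m.groups()
    maint = maint_paren or maint_dot or 0
    return (int(major), int(minor), int(maint), int(interim or 0))

def classify(show_version_text):
    """'vulnerable' below the fixed release, 'fixed' at or above it, else 'unknown'."""
    version = parse_asa_version(show_version_text)
    if version is None:
        # PIX and FWSM are listed as affected, but the page gives no fixed
        # release for them, so non-ASA output is left for manual review.
        return "unknown"
    return "fixed" if version >= FIXED else "vulnerable"

# Constructed sample outputs (hostnames and versions are illustrative only).
SAMPLES = {
    "fw-edge-01": "Cisco Adaptive Security Appliance Software Version 8.2(5)33\n"
                  "Device Manager Version 6.4(5)\n",
    "fw-edge-02": "Cisco Adaptive Security Appliance Software Version 8.4(1)\n",
    "fw-dc-01": "Cisco Adaptive Security Appliance Software Version 9.1(7)4\n",
    "fw-lab-01": "Cisco PIX Security Appliance Software Version 8.0(4)\n",
}

def audit(samples):
    """Map each hostname to its classification."""
    return {host: classify(text) for host, text in samples.items()}

if __name__ == "__main__":
    for host, status in audit(SAMPLES).items():
        print(f"{host}: {status}")
```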

