CVE-2016-6367 : Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA

Products affected by CVE-2016-6367

Cisco » Adaptive Security Appliance Software
Versions from including (>=) 8.5 and before (<) 9.0\(1\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Asa 5500 » Version: N/A
When used together with: Cisco » Asa 5500-x » Version: N/A
When used together with: Cisco » Asa 5500 Csc-ssm » Version: N/A
When used together with: Cisco » Asa 5505 » Version: N/A
When used together with: Cisco » Asa 5506-x » Version: N/A
When used together with: Cisco » Asa 5506h-x » Version: N/A
When used together with: Cisco » Asa 5506w-x » Version: N/A
When used together with: Cisco » Asa 5508-x » Version: N/A
When used together with: Cisco » Asa 5510 » Version: N/A
When used together with: Cisco » Asa 5512-x » Version: N/A
When used together with: Cisco » Asa 5515-x » Version: N/A
When used together with: Cisco » Asa 5516-x » Version: N/A
When used together with: Cisco » Asa 5520 » Version: N/A
When used together with: Cisco » Asa 5525-x » Version: N/A
When used together with: Cisco » Asa 5540 » Version: N/A
When used together with: Cisco » Asa 5545-x » Version: N/A
When used together with: Cisco » Asa 5550 » Version: N/A
When used together with: Cisco » Asa 5555-x » Version: N/A
When used together with: Cisco » Asa 5580 » Version: N/A
When used together with: Cisco » Asa 5585-x » Version: N/A
When used together with: Cisco » Firewall Services Module » Version: N/A
When used together with: Cisco » Pix Firewall 501 » Version: N/A
When used together with: Cisco » Pix Firewall 506 » Version: N/A
When used together with: Cisco » Pix Firewall 506e » Version: N/A
When used together with: Cisco » Pix Firewall 515 » Version: N/A
When used together with: Cisco » Pix Firewall 515e » Version: N/A
When used together with: Cisco » Pix Firewall 520 » Version: N/A
When used together with: Cisco » Pix Firewall 525 » Version: N/A
When used together with: Cisco » Pix Firewall 535 » Version: N/A
Cisco » Adaptive Security Appliance Software
Versions from including (>=) 7.2.0 and before (<) 8.4\(3\)
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Asa 5500 » Version: N/A
When used together with: Cisco » Asa 5500-x » Version: N/A
When used together with: Cisco » Asa 5500 Csc-ssm » Version: N/A
When used together with: Cisco » Asa 5505 » Version: N/A
When used together with: Cisco » Asa 5506-x » Version: N/A
When used together with: Cisco » Asa 5506h-x » Version: N/A
When used together with: Cisco » Asa 5506w-x » Version: N/A
When used together with: Cisco » Asa 5508-x » Version: N/A
When used together with: Cisco » Asa 5510 » Version: N/A
When used together with: Cisco » Asa 5512-x » Version: N/A
When used together with: Cisco » Asa 5515-x » Version: N/A
When used together with: Cisco » Asa 5516-x » Version: N/A
When used together with: Cisco » Asa 5520 » Version: N/A
When used together with: Cisco » Asa 5525-x » Version: N/A
When used together with: Cisco » Asa 5540 » Version: N/A
When used together with: Cisco » Asa 5545-x » Version: N/A
When used together with: Cisco » Asa 5550 » Version: N/A
When used together with: Cisco » Asa 5555-x » Version: N/A
When used together with: Cisco » Asa 5580 » Version: N/A
When used together with: Cisco » Asa 5585-x » Version: N/A
When used together with: Cisco » Firewall Services Module » Version: N/A
When used together with: Cisco » Pix Firewall 501 » Version: N/A
When used together with: Cisco » Pix Firewall 506 » Version: N/A
When used together with: Cisco » Pix Firewall 506e » Version: N/A
When used together with: Cisco » Pix Firewall 515 » Version: N/A
When used together with: Cisco » Pix Firewall 515e » Version: N/A
When used together with: Cisco » Pix Firewall 520 » Version: N/A
When used together with: Cisco » Pix Firewall 525 » Version: N/A
When used together with: Cisco » Pix Firewall 535 » Version: N/A

CVE-2016-6367 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:

Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability

CISA required action:

Apply updates per vendor instructions.

CISA description:

A vulnerability in the command-line interface (CLI) parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service (DoS) condition or potentially execute code.

Notes:

https://nvd.nist.gov/vuln/detail/CVE-2016-6367

Added on 2022-05-24 Action due date 2022-06-14

Exploit prediction scoring system (EPSS) score for CVE-2016-6367

EPSS FAQ

93.85%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-6367

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:L/AC:L/Au:S/C:C/I:C/A:C	3.1	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST	2024-07-02
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-6367

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-6367

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-cli

Cisco Adaptive Security Appliance CLI Remote Code Execution Vulnerability
Vendor Advisory
http://www.securitytracker.com/id/1036636

Cisco ASA Command Line Interface Bug Lets Local Users Deny Service and Gain Elevated Privileges - SecurityTracker
Broken Link;Third Party Advisory;VDB Entry
http://blogs.cisco.com/security/shadow-brokers

The Shadow Brokers EPICBANANA and EXTRABACON Exploits - Cisco Blog
Exploit;Press/Media Coverage;Vendor Advisory

CVEs referencing this url
http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516

Cisco Event Response: Cisco ASA and IOS Vulnerabilities
Vendor Advisory

CVEs referencing this url
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40271.zip

Page not found · GitHub · GitHub
Broken Link;Exploit
https://www.exploit-db.com/exploits/40271/

Cisco ASA / PIX - 'EPICBANANA' Local Privilege Escalation
Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/92520

Multiple Cisco Products CVE-2016-6367 Local Code Execution Vulnerability
Broken Link;Third Party Advisory;VDB Entry