Main Vulnerability Database Vulnerabilities #VU324

#VU324 SNMP remote code execution in Cisco Systems, Inc products - CVE-2016-6366

Published: August 18, 2016 / Updated: May 24, 2022

Vulnerability identifier: #VU324

Vulnerability risk: Critical

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: CVE-2016-6366

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
Cisco ASA 5500
Cisco ASA 5580
Cisco Catalyst 6500 Series ASA Services Module
Cisco ASA 5500-X Series
Cisco ASA 1000V Cloud Firewall
Cisco ASA Series

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling SNMP packets. A remote attacker with knowledge of SNMP community string can cause buffer overflow and cause the target device to reload or execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in full compromise of affected system.

The following models of CISCO ASA appliances are affected:

Cisco ASA 5500 Series Adaptive Security Appliances
Cisco ASA 5500-X Series Next-Generation Firewalls
Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
Cisco ASA 1000V Cloud Firewall
Cisco Adaptive Security Virtual Appliance (ASAv)
Cisco Firepower 9300 ASA Security Module
Cisco PIX Firewalls
Cisco Firewall Services Module (FWSM)

Note: this is a zero-day vulnerability, discovered after security breach of The Equation Group. The exploit code for this vulnerability was publicly exposed and is referred as EXTRABACON Exploit.

Remediation

Install patches from vendor's website.

#VU324 SNMP remote code execution in Cisco Systems, Inc products - CVE-2016-6366

Description

Remediation

External links