CVE-2016-6366
Description
A buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco ASA software could allow an attacker to cause a reload of the affected system or to remotely execute code.
CISA KEV
- Vendor
- Cisco
- Product
- Adaptive Security Appliance (ASA)
- Due date
- 2022-06-14
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Cisco ASA 8.x - 'EXTRABACON' Authentication Bypass
# Exploit Title: Cisco ASA 8.X Authentication Bypass
# Date: 17-08-2016
# Exploit Author: Equation Group
# Vendor Homepage: Cisco
# Software Link: Cisco
# Version: Cisco ASA 8.X
# Tested on: Cisco ASA 8.4.2
# CVE : Not sure
Requirements:
* SNMP read (public) string
* Access to SNMP service
* SSH port accessible
Full Exploit:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40258.zipMetasploit modules
References
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.