Vulnerabilities > CVE-2016-6367 - Unspecified vulnerability in Cisco Adaptive Security Appliance Software

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

cisco

nessus

exploit available

NVD

Published: 2016-08-18

Updated: 2023-08-11

Summary

Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco Adaptive Security Appliance Software 7.0.7.1 Cisco Adaptive Security Appliance Software 7.0.7.9 Cisco Adaptive Security Appliance Software 7.0.7.12 Cisco Adaptive Security Appliance Software 7.0.6.4 Cisco Adaptive Security Appliance Software 7.0.8.13 Cisco Adaptive Security Appliance Software 7.0.3 Cisco Adaptive Security Appliance Software 7.0.8.2 Cisco Adaptive Security Appliance Software 7.0.7.4 Cisco Adaptive Security Appliance Software 7.0.4 Cisco Adaptive Security Appliance Software 7.0.1 Cisco Adaptive Security Appliance Software 7.0.7 Cisco Adaptive Security Appliance Software 7.0.2 Cisco Adaptive Security Appliance Software 7.0.1.4 Cisco Adaptive Security Appliance Software 7.0.6 Cisco Adaptive Security Appliance Software 7.0.6.8 Cisco Adaptive Security Appliance Software 7.0.8.8 Cisco Adaptive Security Appliance Software 7.0.6.18 Cisco Adaptive Security Appliance Software 7.0.6.32 Cisco Adaptive Security Appliance Software 7.0.8.12 Cisco Adaptive Security Appliance Software 7.0.5 Cisco Adaptive Security Appliance Software 7.0.4.2 Cisco Adaptive Security Appliance Software 7.0.6.29 Cisco Adaptive Security Appliance Software 7.0.5.12 Cisco Adaptive Security Appliance Software 7.0.8 Cisco Adaptive Security Appliance Software 7.0.6.22 Cisco Adaptive Security Appliance Software 7.0.6.26 Cisco Adaptive Security Appliance Software 7.2.4.30 Cisco Adaptive Security Appliance Software 7.1.2.24 Cisco Adaptive Security Appliance Software 7.2.4.18 Cisco Adaptive Security Appliance Software 7.1.2.81 Cisco Adaptive Security Appliance Software 7.2.3.12 Cisco Adaptive Security Appliance Software 7.2.5.7 Cisco Adaptive Security Appliance Software 7.2.1.24 Cisco Adaptive Security Appliance Software 7.2.3.16 Cisco Adaptive Security Appliance Software 7.2.1.13 Cisco Adaptive Security Appliance Software 7.2.2.10 Cisco Adaptive Security Appliance Software 7.1.2.16 Cisco Adaptive Security Appliance Software 7.1.2.28 Cisco Adaptive Security Appliance Software 7.1.2.20 Cisco Adaptive Security Appliance Software 7.2.4.33 Cisco Adaptive Security Appliance Software 7.2.2.22 Cisco Adaptive Security Appliance Software 7.1.2.64 Cisco Adaptive Security Appliance Software 7.2.5.12 Cisco Adaptive Security Appliance Software 7.2.3 Cisco Adaptive Security Appliance Software 7.2.5.16 Cisco Adaptive Security Appliance Software 7.2.1.19 Cisco Adaptive Security Appliance Software 7.2.4.27 Cisco Adaptive Security Appliance Software 7.1.2.46 Cisco Adaptive Security Appliance Software 7.2.2.14 Cisco Adaptive Security Appliance Software 7.2.2.18 Cisco Adaptive Security Appliance Software 7.2.5.4 Cisco Adaptive Security Appliance Software 7.1.2.61 Cisco Adaptive Security Appliance Software 7.2.3.1 Cisco Adaptive Security Appliance Software 7.2.5.10 Cisco Adaptive Security Appliance Software 7.2.1.9 Cisco Adaptive Security Appliance Software 7.1.2.42 Cisco Adaptive Security Appliance Software 7.2.2.6 Cisco Adaptive Security Appliance Software 7.2.4.9 Cisco Adaptive Security Appliance Software 7.2.2 Cisco Adaptive Security Appliance Software 7.2.2.34 Cisco Adaptive Security Appliance Software 7.1.2.49 Cisco Adaptive Security Appliance Software 7.2.5.2 Cisco Adaptive Security Appliance Software 7.1.2.72 Cisco Adaptive Security Appliance Software 7.1.2.53 Cisco Adaptive Security Appliance Software 7.2.4.25 Cisco Adaptive Security Appliance Software 7.2.4.6 Cisco Adaptive Security Appliance Software 7.2.2.19 Cisco Adaptive Security Appliance Software 7.2.4 Cisco Adaptive Security Appliance Software 7.1.2.38 Cisco Adaptive Security Appliance Software 7.2.5 Cisco Adaptive Security Appliance Software 7.2.5.8 Cisco Adaptive Security Appliance Software 7.1.2 Cisco Adaptive Security Appliance Software 7.2.1 Cisco Adaptive Security Appliance Software 8.3.2.40 Cisco Adaptive Security Appliance Software 8.3.1 Cisco Adaptive Security Appliance Software 8.0.4.28 Cisco Adaptive Security Appliance Software 8.2.2 Cisco Adaptive Security Appliance Software 8.3.1.1 Cisco Adaptive Security Appliance Software 8.0.1.2 Cisco Adaptive Security Appliance Software 8.0.5.27 Cisco Adaptive Security Appliance Software 8.0.4.33 Cisco Adaptive Security Appliance Software 8.3.1.6 Cisco Adaptive Security Appliance Software 8.2.5.40 Cisco Adaptive Security Appliance Software 8.1.2.49 Cisco Adaptive Security Appliance Software 8.2.1 Cisco Adaptive Security Appliance Software 8.2.2.12 Cisco Adaptive Security Appliance Software 8.0.4.3 Cisco Adaptive Security Appliance Software 8.2.5.22 Cisco Adaptive Security Appliance Software 8.2.5.33 Cisco Adaptive Security Appliance Software 8.2.5.41 Cisco Adaptive Security Appliance Software 8.2.4.4 Cisco Adaptive Security Appliance Software 8.2.2.10 Cisco Adaptive Security Appliance Software 8.0.5.23 Cisco Adaptive Security Appliance Software 8.3.2.37 Cisco Adaptive Security Appliance Software 8.1.1 Cisco Adaptive Security Appliance Software 8.3.2.39 Cisco Adaptive Security Appliance Software 8.0.4.25 Cisco Adaptive Security Appliance Software 8.0.4.16 Cisco Adaptive Security Appliance Software 8.2.5.26 Cisco Adaptive Security Appliance Software 8.0.5.20 Cisco Adaptive Security Appliance Software 8.0.4.9 Cisco Adaptive Security Appliance Software 8.1.2 Cisco Adaptive Security Appliance Software 8.3.2 Cisco Adaptive Security Appliance Software 8.3.2.33 Cisco Adaptive Security Appliance Software 8.2.4 Cisco Adaptive Security Appliance Software 8.1.2.24 Cisco Adaptive Security Appliance Software 8.2.5.57 Cisco Adaptive Security Appliance Software 8.3.2.41 Cisco Adaptive Security Appliance Software 8.1.2.23 Cisco Adaptive Security Appliance Software 8.2.4.1 Cisco Adaptive Security Appliance Software 8.2.3 Cisco Adaptive Security Appliance Software 8.3.1.4 Cisco Adaptive Security Appliance Software 8.3.2.44 Cisco Adaptive Security Appliance Software 8.0.5.28 Cisco Adaptive Security Appliance Software 8.0.4.31 Cisco Adaptive Security Appliance Software 8.3.2.34 Cisco Adaptive Security Appliance Software 8.0.4.23 Cisco Adaptive Security Appliance Software 8.2.5.50 Cisco Adaptive Security Appliance Software 8.0.2 Cisco Adaptive Security Appliance Software 8.2.5 Cisco Adaptive Security Appliance Software 8.1.2.19 Cisco Adaptive Security Appliance Software 8.3.2.13 Cisco Adaptive Security Appliance Software 8.2.5.13 Cisco Adaptive Security Appliance Software 8.3.2.23 Cisco Adaptive Security Appliance Software 8.1.2.55 Cisco Adaptive Security Appliance Software 8.2.5.52 Cisco Adaptive Security Appliance Software 8.0.2.11 Cisco Adaptive Security Appliance Software 8.3.2.31 Cisco Adaptive Security Appliance Software 8.1.2.16 Cisco Adaptive Security Appliance Software 8.2.5.55 Cisco Adaptive Security Appliance Software 8.1.2.56 Cisco Adaptive Security Appliance Software 8.3.2.4 Cisco Adaptive Security Appliance Software 8.0.3.6 Cisco Adaptive Security Appliance Software 8.1.1.6 Cisco Adaptive Security Appliance Software 8.0.4.32 Cisco Adaptive Security Appliance Software 8.0.5.31 Cisco Adaptive Security Appliance Software 8.1.0.104 Cisco Adaptive Security Appliance Software 8.0.5 Cisco Adaptive Security Appliance Software 8.2.2.17 Cisco Adaptive Security Appliance Software 8.2.2.9 Cisco Adaptive Security Appliance Software 8.0.4 Cisco Adaptive Security Appliance Software 8.1.2.13 Cisco Adaptive Security Appliance Software 8.0.3.19 Cisco Adaptive Security Appliance Software 8.2.2.16 Cisco Adaptive Security Appliance Software 8.0.3 Cisco Adaptive Security Appliance Software 8.0.2.15 Cisco Adaptive Security Appliance Software 8.3.2.25 Cisco Adaptive Security Appliance Software 8.2.1.11 Cisco Adaptive Security Appliance Software 8.2.5.46 Cisco Adaptive Security Appliance Software 8.0.5.25 Cisco Adaptive Security Appliance Software 8.2.5.48 Cisco Adaptive Security Appliance Software 8.1.2.50 Cisco Adaptive Security Appliance Software 8.1.2.15 Cisco Adaptive Security Appliance Software 8.0.3.12 Cisco Adaptive Security Appliance Software 8.2.0.45	155

Exploit-Db

description	Cisco ASA / PIX - Privilege Escalation (EPICBANANA). CVE-2016-6367. Local exploit for Hardware platform
file	exploits/hardware/local/40271.txt
id	EDB-ID:40271
last seen	2016-08-19
modified	2016-08-19
platform	hardware
port
published	2016-08-19
reporter	Shadow Brokers
title	Cisco ASA / PIX - Privilege Escalation (EPICBANANA)
type	local

Nessus

NASL family	CISCO
NASL id	CISCO-SA-20160817-ASA-CLI.NASL
description	The Cisco Adaptive Security Appliance (ASA) is missing a vendor-supplied security patch. It is, therefore, affected by a flaw in the command-line interface (CLI) parser related to processing invalid commands. An authenticated, local attacker can exploit this, via certain invalid commands, to cause a denial of service condition or the execution of arbitrary code. EPICBANANA is one of multiple Equation Group vulnerabilities and exploits disclosed on 2016/08/14 by a group known as the Shadow Brokers.
last seen	2020-06-01
modified	2020-06-02
plugin id	93347
published	2016-09-07
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/93347
title	Cisco ASA Software CLI Invalid Command Invocation (cisco-sa-20160817-asa-cli) (EPICBANANA)

The Hacker News

id	THN:05BB2798ECF69CCBCACF84ECB5BF1A26
last seen	2018-01-27
modified	2016-08-20
published	2016-08-19
reporter	Mohit Kumar
source	https://thehackernews.com/2016/08/nsa-hack-exploit.html
title	Leaked Exploits are Legit and Belong to NSA: Cisco, Fortinet and Snowden Docs Confirm

Summary

Vulnerable Configurations

Exploit-Db

Nessus

The Hacker News

References