
Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability

cisco-sa-20160817-asa-snmp · High · Published · Updated

A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code.

The vulnerability is due to a buffer overflow in the affected code area. The vulnerability affects all versions of SNMP (versions 1, 2c, and 3) when enabled on a virtual or physical Cisco ASA device. An attacker could exploit this vulnerability by sending crafted SNMP packets to an SNMP-enabled interface on the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system. The attacker must know the SNMP community string to exploit this vulnerability.

Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 traffic only. The attacker requires knowledge of the configured SNMP community string in SNMP version 1 and SNMP version 2c or a valid username and password for SNMP version 3.

Cisco has released software updates that address this vulnerability. Mitigations are listed in the Workarounds section of this advisory.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp


Workarounds

Administrators are advised to allow only trusted users to have SNMP access and to monitor affected systems using the snmp-server host command.

The SNMP chapter (http://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/monitor-snmp.html) of the Cisco ASA Series General Operations CLI Configuration Guide explains how SNMP is configured in the Cisco ASA.

The attacker must know the community strings to successfully launch an attack against an affected device. Community strings are passwords that are applied to an ASA device to restrict both read-only and read-write access to the SNMP data on the device. These community strings, as with all passwords, should be carefully chosen to ensure they are not trivial. Community strings should be changed at regular intervals and in accordance with network security policies. For example, the strings should be changed when a network administrator changes roles or leaves the company.
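One way to check the workaround on a device, as an added example that is not part of the Cisco advisory: the script below reads `snmp-server host` lines from an ASA running configuration and reports, per entry, whether the host lies outside a trusted management range and whether access relies on a community string. The sample configuration, the `TRUSTED_NMS` range and the function name are constructed for illustration, and the script assumes that an entry without a `version` keyword uses SNMP version 1.

```python
import ipaddress
import re

# Constructed sample of ASA running-config lines (not taken from the advisory).
SAMPLE_CONFIG = """\
hostname edge-asa
snmp-server host inside 192.0.2.10 community ***** version 2c
snmp-server host inside 198.51.100.77 community *****
snmp-server host mgmt 192.0.2.20 poll version 3 nms-user
snmp-server enable traps snmp authentication
"""

# Assumption: the management stations this site trusts for SNMP access.
TRUSTED_NMS = ["192.0.2.0/27"]

HOST_RE = re.compile(r"^snmp-server host (\S+) (\S+)(.*)$")


def audit_snmp_hosts(config, trusted=TRUSTED_NMS):
    """Return one finding per 'snmp-server host' line in the configuration."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    findings = []
    for line in config.splitlines():
        m = HOST_RE.match(line.strip())
        if not m:
            continue
        iface, host, rest = m.groups()
        ver = re.search(r"\bversion (1|2c|3)\b", rest)
        # Assumption: no explicit version keyword means SNMPv1.
        version = ver.group(1) if ver else "1"
        issues = []
        try:
            ip = ipaddress.ip_address(host)
            if not any(ip in n for n in nets):
                issues.append("host outside trusted management range")
        except ValueError:
            # The entry uses a name instead of an address; resolve it by hand.
            issues.append("host is a name, cannot verify against trusted range")
        if version in ("1", "2c"):
            # v1/v2c access depends only on the community string; the
            # advisory states that all SNMP versions are affected.
            issues.append("community-string authentication (SNMPv%s)" % version)
        findings.append({"interface": iface, "host": host,
                         "version": version, "issues": issues})
    return findings


if __name__ == "__main__":
    for f in audit_snmp_hosts(SAMPLE_CONFIG):
        status = "; ".join(f["issues"]) or "ok"
        print("%-6s %-15s v%-2s %s" % (f["interface"], f["host"],
                                       f["version"], status))
```

An entry with no issues is still served by affected SNMP code until the device runs fixed software; the check only confirms that SNMP access is limited to the hosts the site trusts.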

CVEs: CVE-2016-6366
Cisco Bug IDs: CSCva92151
CVSS Score: Base 8.5
Base 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C/E:H/RL:W/RC:C
Base 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C
Product Names From Source

Cisco PIX Firewall

Cisco ASA 1000V Cloud Firewall Software

Cisco FirePOWER Services Software for ASA

Cisco Adaptive Security Appliance (ASA) Software (also listed without a version), versions: 7.0.1, 7.0.1.4, 7.0.4, 7.0.4.2, 7.0.2, 7.0.3, 7.0.7.1, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.5.12, 7.0.6.4, 7.0.6.8, 7.0.6.18, 7.0.6.22, 7.0.6.26, 7.0.6.29, 7.0.6.32, 7.0.7.4, 7.0.7.9, 7.0.7.12, 7.0.8.2, 7.0.8.8, 7.0.8.12, 7.0.8.13, 7.1.2.61, 7.1.2, 7.1.2.81, 7.1.2.64, 7.1.2.72, 7.1.2.16, 7.1.2.20, 7.1.2.24, 7.1.2.28, 7.1.2.38, 7.1.2.42, 7.1.2.46, 7.1.2.49, 7.1.2.53, 7.2.2.34, 7.2.3.1, 7.2.2, 7.2.4, 7.2.3, 7.2.1, 7.2.4.27, 7.2.4.30, 7.2.5, 7.2.4.33, 7.2.1.9, 7.2.1.13, 7.2.1.19, 7.2.1.24, 7.2.2.6, 7.2.2.10, 7.2.2.14, 7.2.2.18, 7.2.2.19, 7.2.2.22, 7.2.3.12, 7.2.3.16, 7.2.4.6, 7.2.4.9, 7.2.4.18, 7.2.4.25, 7.2.5.2, 7.2.5.4, 7.2.5.7, 7.2.5.8, 7.2.5.10, 7.2.5.12, 7.2.5.16, 8.0.2.11, 8.0.4, 8.0.3, 8.0.2, 8.0.1.2, 8.0.4.25, 8.0.4.28, 8.0.4.33, 8.0.4.32, 8.0.5, 8.0.2.15, 8.0.3.6, 8.0.3.12, 8.0.3.19, 8.0.4.3, 8.0.4.9, 8.0.4.16, 8.0.4.23, 8.0.4.31, 8.0.5.20, 8.0.5.23, 8.0.5.25, 8.0.5.27, 8.0.5.28, 8.0.5.31, 8.2.0.45, 8.2.1, 8.2.2, 8.2.2.10, 8.2.3, 8.2.4, 8.2.1.11, 8.2.2.9, 8.2.2.12, 8.2.2.16, 8.2.4.1, 8.2.4.4, 8.2.5, 8.2.5.13, 8.2.5.22, 8.2.5.26, 8.2.2.17, 8.2.5.33, 8.2.5.40, 8.2.5.41, 8.2.5.46, 8.2.5.48, 8.2.5.50, 8.2.5.52, 8.2.5.55, 8.2.5.57, 8.2.5.59, 8.1.1, 8.1.2, 8.1.2.15, 8.1.2.16, 8.1.2.19, 8.1.2.23, 8.1.2.24, 8.1.2.50, 8.1.1.6, 8.1.2.13, 8.1.2.49, 8.1.2.55, 8.1.2.56, 8.1.0.104, 8.3.1.1, 8.3.1, 8.3.2, 8.3.2.23, 8.3.2.25, 8.3.1.4, 8.3.1.6, 8.3.2.4, 8.3.2.13, 8.3.2.31, 8.3.2.33, 8.3.2.34, 8.3.2.37, 8.3.2.39, 8.3.2.40, 8.3.2.41, 8.3.2.44, 8.4.1, 8.4.2, 8.4.1.3, 8.4.1.11, 8.4.2.8, 8.4.3, 8.4.3.8, 8.4.3.9, 8.4.4, 8.4.4.1, 8.4.4.3, 8.4.4.5, 8.4.4.9, 8.4.5, 8.4.5.6, 8.4.6, 8.4.2.1, 8.4.7, 8.4.7.3, 8.4.7.15, 8.4.7.22, 8.4.7.23, 8.4.7.26, 8.4.7.28, 8.4.7.29, 8.5.1, 8.5.1.1, 8.5.1.6, 8.5.1.7, 8.5.1.14, 8.5.1.17, 8.5.1.18, 8.5.1.19, 8.5.1.21, 8.5.1.24, 8.6.1.1, 8.6.1, 8.6.1.2, 8.6.1.5, 8.6.1.10, 8.6.1.12, 8.6.1.13, 8.6.1.14, 8.6.1.17, 8.7.1, 8.7.1.1, 8.7.1.3, 8.7.1.4, 8.7.1.7, 8.7.1.8, 8.7.1.11, 8.7.1.13, 8.7.1.16, 8.7.1.17, 9.0.1, 9.0.2, 9.0.2.10, 9.0.3, 9.0.3.6, 9.0.3.8, 9.0.4, 9.0.4.1, 9.0.4.5, 9.0.4.17, 9.0.4.20, 9.0.4.24, 9.0.4.7, 9.0.4.26, 9.0.4.29, 9.0.4.33, 9.0.4.37, 9.0.4.35, 9.1.1, 9.1.1.4, 9.1.2, 9.1.3, 9.1.2.8, 9.1.3.2, 9.1.4, 9.1.4.5, 9.1.5, 9.1.5.10, 9.1.5.12, 9.1.5.15, 9.1.6, 9.1.5.21, 9.1.6.1, 9.1.6.6, 9.1.6.4, 9.1.6.8, 9.1.6.10, 9.2.1, 9.2.2, 9.2.2.4, 9.2.2.7, 9.2.3, 9.2.2.8, 9.2.3.3, 9.2.3.4, 9.2.0.0, 9.2.0.104, 9.2.3.1, 9.2.4, 9.2.4.2, 9.2.4.4, 9.3.1, 9.3.1.1, 9.3.2, 9.3.2.2, 9.3.3, 9.3.5, 9.3.3.1, 9.3.3.2, 9.3.3.5, 9.3.3.6, 9.4.1, 9.4.0.115, 9.4.1.1, 9.4.2, 9.4.1.5, 9.4.1.3, 9.4.1.2, 9.4.2.3

Cisco Firepower Threat Defense Software (also listed without a version), versions: 6.0.0, 6.0.1

Related Products

Product | CVE | Evidence
Cisco PIX Firewall | CVE-2016-6366 | Cisco OpenVuln
Cisco Firepower Threat Defense Software | CVE-2016-6366 | Cisco OpenVuln
Cisco FirePOWER Services Software for ASA | CVE-2016-6366 | Cisco OpenVuln
Cisco Adaptive Security Appliance (ASA) Software | CVE-2016-6366 | Cisco OpenVuln
Cisco ASA 1000V Cloud Firewall Software | CVE-2016-6366 | Cisco OpenVuln