CVE-2016-6367

CVSS 7.8 HIGH · EPSS 22.6% · KEV · CWE-77
In short

A flaw in Cisco ASA firewall devices allows local users to gain administrative privileges by using specially crafted invalid commands in the command-line interface. This is dangerous because an attacker with local access can take full control of the firewall and compromise network security.

Technical detail

A CWE-77 flaw (Improper Neutralization of Special Elements used in a Command) in Cisco ASA software versions before 8.4(1) allows authenticated local users to escalate privileges via malformed CLI commands. Exploitation requires local access to the device's command interface and can result in unauthorized administrative access to the firewall.

Summary generated and translated by AI from the official description.
Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
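
An added example (not part of the original entry and not Cisco tooling): a version check against the 8.4(1) threshold stated above, for triaging an inventory of ASA release strings. The hostnames and sample strings are constructed, and the code assumes ASA-style `major.minor(maintenance)interim` numbering; it does not attempt to map PIX or FWSM release numbering.

```python
import re

# Threshold taken from the page: releases before 8.4(1) are affected.
FIXED = (8, 4, 1, 0)

# ASA release strings look like 8.2(5), 8.4(1)11 or 9.1(7)4:
# major.minor(maintenance)interim, with the interim build optional.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\((\d+)\)(\d*)")


def parse_asa_version(text):
    """Return (major, minor, maintenance, interim), or None if no release string is found."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, maint, interim = m.groups()
    return (int(major), int(minor), int(maint), int(interim or 0))


def is_affected(text):
    """True if the release in `text` is before 8.4(1); None if it cannot be parsed."""
    version = parse_asa_version(text)
    if version is None:
        return None
    return version < FIXED


def triage(inventory):
    """Map hostname -> status from (hostname, version text) pairs."""
    labels = {True: "affected", False: "not affected", None: "unknown"}
    return {host: labels[is_affected(text)] for host, text in inventory}


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "Cisco Adaptive Security Appliance Software Version 8.2(5)33"),
    ("fw-edge-02", "Cisco Adaptive Security Appliance Software Version 8.4(1)"),
    ("fw-dc-01", "9.1(7)4"),
    ("fw-lab-01", "8.3(2)"),
    ("fw-old-01", "version string missing"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `unknown` should be checked by hand rather than treated as unaffected.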
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.