Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2016-1287 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Adaptive Security Appliance Software
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents7 sources
Severity
9.8CRITICALNVD
EPSS
89.8%
top 0.43%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedFeb 11
Latest updateMay 17
Description
Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software before 8.4(7.30), 8.7 before 8.7(1.18), 9.0 before 9.0(4.38), 9.1 before 9.1(7), 9.2 before 9.2(4.5), 9.3 before 9.3(3.7), 9.4 before 9.4(2.4), and 9.5 before 9.5(2.2) on ASA 5500 devices, ASA 5500-X devices, ASA Services Module for Cisco Catalyst 6500 and Cisco 7600 devices, ASA 1000V devices, Adaptive Security Virtual Appliance (aka ASAv), Firepower 9300 ASA Security Module, and ISA 3000 devices allows remote attacker…
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9