⚠ Actively exploited

Added to CISA KEV on 2022-05-24. Federal agencies required to patch by 2022-06-14. Required action: Apply updates per vendor instructions..

CVE-2016-6366 — Classic Buffer Overflow in Cisco Adaptive Security Appliance Software

CWE-120 — Classic Buffer Overflow CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents10 sources

Severity

8.8HIGHNVD

EPSS

91.4%

top 0.34%

CISA KEV

KEV

Added 2022-05-24

Due 2022-06-14

Exploit

Exploited in wild

Active exploitation observed

Affected products

Cisco Adaptive Security Appliance Software Cisco ASA 1000v Cloud Firewall Software

Timeline

PublishedAug 18

KEV addedMay 24

KEV dueJun 14

CISA Required Action: Apply updates per vendor instructions.

Description

Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/adaptive_security_appliance_software7.2.1 — 9.0.4.40+6

▶NVDcisco/asa_1000v_cloud_firewall_software8.7.1, 8.7.1.1+1

🔴Vulnerability Details

GHSA

GHSA-pfgh-2mw6-962h: Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9↗2022-05-17

▶

CVEList

CVE-2016-6366: Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9↗2016-08-18

▶

VulnCheck

Cisco Adaptive Security Appliance (ASA) SNMP Buffer Overflow Vulnerability↗2016

▶

💥Exploits & PoCs

Exploit-DB

Cisco ASA 8.x - 'EXTRABACON' Authentication Bypass↗2016-08-18

▶

Metasploit

Cisco ASA Authentication Bypass (EXTRABACON)↗

▶

🔍Detection Rules

Suricata

ET EXPLOIT CISCO FIREWALL SNMP Buffer Overflow Extrabacon (CVE-2016-6366)↗2016-08-25

▶

📋Vendor Advisories

CISA

Cisco Adaptive Security Appliance (ASA) SNMP Buffer Overflow Vulnerability↗2022-05-24

▶

Cisco

Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability↗2016-08-17

▶

🕵️Threat Intelligence

Qualys

Mystery Magic Bytes From The Equation Leak | Qualys↗2016-08-26

▶

Qualys

Mystery Magic Bytes From The Equation Leak | Qualys↗2016-08-26

▶