CVE-2016-6432 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Adaptive Security Appliance Software

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

8.1HIGHNVD

EPSS

4.7%

top 10.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software

Timeline

PublishedOct 27

Latest updateMay 14

Description

A vulnerability in the Identity Firewall feature of Cisco ASA Software before 9.6(2.1) could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending a crafted NetBIOS packet in response to a NetBIOS probe sent by the ASA software. An exploit could allow the attacker to execute arbitrary code and obtain full contro…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages1 packages

▶NVDcisco/adaptive_security_appliance_software130 versions+129

🔴Vulnerability Details

GHSA

GHSA-x6rr-372c-rmr2: A vulnerability in the Identity Firewall feature of Cisco ASA Software before 9↗2022-05-14

▶

CVEList

CVE-2016-6432: A vulnerability in the Identity Firewall feature of Cisco ASA Software before 9↗2016-10-27

▶

📋Vendor Advisories

Cisco

Cisco ASA Software Identity Firewall Feature Buffer Overflow Vulnerability↗2016-10-19

▶