CISA KEV 정보
| 취약점명 | Cisco Adaptive Security Appliance (ASA) SNMP Buffer Overflow Vulnerability |
|---|---|
| 설명 | A buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco ASA software could allow an attacker to cause a reload of the affected system or to remotely execute code. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-119 |
| 등록일 (KEV) | 2022-05-24 |
| 조치 기한 | 2022-06-14 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2016-6366 |
NVD 상세 정보
CVSS v3.1: 8.8 HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS v2.0: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C설명: Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.
CWE: CWE-120 | CWE-120
참조
- http://blogs.cisco.com/security/shadow-brokers [Exploit, Press/Media Coverage, Vendor Advisory]
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp [Vendor Advisory]
- http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516 [Vendor Advisory]
- http://www.securityfocus.com/bid/92521 [Broken Link, Not Applicable, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1036637 [Broken Link, Third Party Advisory, VDB Entry]
- https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip [Broken Link, Exploit]
- https://www.exploit-db.com/exploits/40258/ [Third Party Advisory, VDB Entry]
- https://zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.html [Exploit, Technical Description]
- http://blogs.cisco.com/security/shadow-brokers [Exploit, Press/Media Coverage, Vendor Advisory]
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp [Vendor Advisory]
- http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516 [Vendor Advisory]
- http://www.securityfocus.com/bid/92521 [Broken Link, Not Applicable, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1036637 [Broken Link, Third Party Advisory, VDB Entry]
- https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip [Broken Link, Exploit]
- https://www.exploit-db.com/exploits/40258/ [Third Party Advisory, VDB Entry]
- ... 외 2건
This product uses the NVD API but is not endorsed or certified by the NVD.