CyberSec.Space Logo
Back to CVE Browser

CVE-2016-6367

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score52.5880%
EPSS Percentile85.74th
PublishedAug 18, 2016
Last ModifiedApr 22, 2026

Vulnerability Description

Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA.

Affected Platforms (CPE)

πŸ’»
Cisco

Adaptive Security Appliance Software

>= 7.2.0 and < 8.4\(3\)
πŸ’»
Cisco

Adaptive Security Appliance Software

>= 8.5 and < 9.0\(1\)

References & Advisories

πŸ”— http://blogs.cisco.com/security/shadow-brokers
πŸ”— http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-cli
πŸ”— http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516
πŸ”— http://www.securityfocus.com/bid/92520
πŸ”— http://www.securitytracker.com/id/1036636
πŸ”— https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40271.zip
πŸ”— https://www.exploit-db.com/exploits/40271/
πŸ”— http://blogs.cisco.com/security/shadow-brokers

Related Vulnerabilities

CVE-2013-550910.0

The SSL implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0 before 9.0(2.6) and 9.1 before 9.1(2) allows remote...

CVE-2009-491910.0

Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attacker...

CVE-2009-491210.0

Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS c...

CVE-2013-551110.0

The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x...