SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Firewall)  >   Cisco ASA Vendors:   Cisco
Cisco ASA Command Line Interface Bug Lets Local Users Deny Service and Gain Elevated Privileges
SecurityTracker Alert ID:  1036636
SecurityTracker URL:  http://securitytracker.com/id/1036636
CVE Reference:   CVE-2016-6367   (Links to External Site)
Date:  Aug 17 2016
Impact:   Denial of service via local system, Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5500 Series; 5500-X Series; prior to 8.4(1)
Description:   A vulnerability was reported in Cisco ASA. A local user can cause denial of service conditions or obtain root privileges on the target system.

A local user can supply specially crafted commands to trigger a flaw in the command-line interface (CLI) parser and cause denial of service conditions or execute arbitrary commands on the target system with root privileges.

The following hardware devices may also be affected when running ASA software:

Cisco PIX Firewalls
Cisco Firewall Services Module (FWSM)

The vendor has assigned bug ID CSCtu74257 to this vulnerability.

Shadow Brokers reported this vulnerability.

Impact:   A local user can cause denial of service conditions on the target system.

A local user can obtain root privileges on the target system.

Solution:   The vendor has issued a fix (8.4(1)).

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-cli

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-cli (Links to External Site)
Cause:   Not specified

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 17 2016 (Cisco Issues Fix for Cisco Firewall Services Module) Cisco ASA Command Line Interface Bug Lets Local Users Deny Service and Gain Elevated Privileges
Cisco has issued a fix for Cisco Firewall Services Module.
Aug 17 2016 (Cisco Issues Fix for Cisco PIX Firewall) Cisco ASA Command Line Interface Bug Lets Local Users Deny Service and Gain Elevated Privileges
Cisco has issued a fix for Cisco PIX Firewall.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC