CVE-2016-1287

CRITICAL

Cisco ASA <9.5 - Buffer Overflow

Title source: llm

Description

Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software before 8.4(7.30), 8.7 before 8.7(1.18), 9.0 before 9.0(4.38), 9.1 before 9.1(7), 9.2 before 9.2(4.5), 9.3 before 9.3(3.7), 9.4 before 9.4(2.4), and 9.5 before 9.5(2.2) on ASA 5500 devices, ASA 5500-X devices, ASA Services Module for Cisco Catalyst 6500 and Cisco 7600 devices, ASA 1000V devices, Adaptive Security Virtual Appliance (aka ASAv), Firepower 9300 ASA Security Module, and ISA 3000 devices allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via crafted UDP packets, aka Bug IDs CSCux29978 and CSCux42019.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Exodus Intelligence · pythonremotehardware
https://www.exploit-db.com/exploits/39823
nomisec WORKING POC 33 stars
by NetSPI · poc
https://github.com/NetSPI/asa_tools
nomisec WORKING POC 16 stars
by jgajek · poc
https://github.com/jgajek/killasa
gitlab WORKING POC
by 0x1 · poc
https://gitlab.com/0x1/asa_tools

References (6)

Scores

CVSS v3 9.8
EPSS 0.8978
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (50)
cisco/adaptive_security_appliance_software 7.2.1
cisco/adaptive_security_appliance_software 7.2.1.9
cisco/adaptive_security_appliance_software 7.2.1.13
cisco/adaptive_security_appliance_software 7.2.1.19
cisco/adaptive_security_appliance_software 7.2.1.24
cisco/adaptive_security_appliance_software 7.2.2
cisco/adaptive_security_appliance_software 7.2.2.6
cisco/adaptive_security_appliance_software 7.2.2.10
cisco/adaptive_security_appliance_software 7.2.2.14
cisco/adaptive_security_appliance_software 7.2.2.18
... and 40 more
Published Feb 11, 2016
Tracked Since Feb 18, 2026