CVE-2016-6366
HIGH KEVCisco ASA Authentication Bypass (EXTRABACON)
Title source: metasploitExploitation Summary
CVE-2016-6366 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 24, 2022.
EIP tracks 3 public exploits from researchers including Shadow Brokers, RiskSense-Ops, Sean Dillon <[email protected]>, Zachary Harding <[email protected]>, Nate Caroe <[email protected]>, Dylan Davis <[email protected]>, including a Metasploit module auxiliary/admin/networking/cisco_asa_extrabacon.
AI-analyzed exploit summary This is a writeup describing an authentication bypass vulnerability in Cisco ASA 8.X. It outlines requirements and provides a link to the full exploit but does not contain actual exploit code.
Description
Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.
Exploits (3)
This is a writeup describing an authentication bypass vulnerability in Cisco ASA 8.X. It outlines requirements and provides a link to the full exploit but does not contain actual exploit code.
This repository contains an improved version of the EXTRABACON exploit for CVE-2016-6366, a remote code execution vulnerability in Cisco ASA devices. It includes functional exploit code, shellcode for multiple versions, and a LINA offset finder script to extend support to additional versions.
This Metasploit module exploits CVE-2016-6366, an authentication bypass vulnerability in Cisco ASA devices via SNMP. It patches authentication functions to allow uncredentialed logins by leveraging version-specific offsets for shellcode execution.
References (9)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H