CVE-2016-6367

HIGH KEV

Cisco ASA <8.4(1) - Privilege Escalation

Title source: llm

Description

Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA.

Exploits (1)

exploitdb STUB

by Shadow Brokers · textlocalhardware

https://www.exploit-db.com/exploits/40271

View Code ZIP pw:eip

References (8)

[Exploit, Press/Media Coverage, Vendor Advisory] http://blogs.cisco.com/security/shadow-brokers

[Vendor Advisory] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-cli

[Vendor Advisory] http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92520

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036636

[Broken Link, Exploit] https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40271.zip

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/40271/

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-6367

Scores

CVSS v3 7.8

EPSS 0.1876

EPSS Percentile 95.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-05-24

VulnCheck KEV 2016-08-15

InTheWild.io 2016-08-15

ENISA EUVD EUVD-2016-7290

CWE

CWE-77

Status published

Products (1)

cisco/adaptive_security_appliance_software 7.2.0 - 8.4\(3\)

Published Aug 18, 2016

KEV Added May 24, 2022

Tracked Since Feb 18, 2026