Security Alert: Cisco ASA SNMP Remote Code Execution Vulnerability (CVE-2016-6366)

Hello,

Very recently, a new security vulnerability affecting Cisco ASA & Firepower was discovered. Below are the short details:

Background:
A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system. The attacker must know the SNMP community string to exploit this vulnerability.




Affected Products:
  • Cisco ASA 5500 Series Adaptive Security Appliances
  • Cisco ASA 5500-X Series Next-Generation Firewalls
  • Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Cisco ASA 1000V Cloud Firewall
  • Cisco Adaptive Security Virtual Appliance (ASAv)
  • Cisco Firepower 4100 Series
  • Cisco Firepower 9300 ASA Security Module
  • Cisco Firepower Threat Defense Software
  • Cisco Firewall Services Module (FWSM)*
  • Cisco Industrial Security Appliance 3000 
  • Cisco PIX Firewalls


IOS Fix:

Cisco ASA Major Release First Fixed Release
 7.2Affected; migrate to 9.1.7(9) or later
 8.0Affected; migrate to 9.1.7(9) or later
8.1Affected; migrate to 9.1.7(9) or later
8.2Affected; migrate to 9.1.7(9) or later
8.3Affected; migrate to 9.1.7(9) or later
8.4Affected; migrate to 9.1.7(9) or later
8.5Affected; migrate to 9.1.7(9) or later
8.6Affected; migrate to 9.1.7(9) or later
8.7Affected; migrate to 9.1.7(9) or later
9.09.0.4(40) ETA 8/25/2016
9.19.1.7(9)
9.29.2.4(14) ETA 8/25/2016
9.39.3.3(10) ETA 8/26/2016
9.49.4.3(8) ETA 8/26/2016
9.59.5(3)
9.69.6.1(11) / FTD 6.0.1(2)


For up-to-date details of the vulnerability, kindly check the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp

For more information or assistance in patching the above vulnerability, don't hesitate to contact us through our call center on +961-1-511822.


--
Elie Bassil
linkedin.com/in/eliebassil
Previous
Next Post »

14 comments

Write comments