CVE-2016-6367
Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability
CVSS 7.8 · HIGH
⚠ CISA KEV — ACTIVELY EXPLOITED
On the CISA KEV catalog
Confirmed exploited in the wild. Added 2022-05-24.
Federal remediation due 2022-06-14.
Required action: Apply updates per vendor instructions.
Summary
Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA.
CVSS 3.1 breakdown
| Base score | 7.8 (HIGH) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
- Cisco Adaptive Security Appliance Software
- Cisco ASA 5500
- Cisco ASA 5500-X
- Cisco ASA 5500 CSC-SSM
- Cisco ASA 5505
- Cisco ASA 5506-X
- Cisco ASA 5506H-X
- Cisco ASA 5506W-X
- Cisco ASA 5508-X
- Cisco ASA 5510
- Cisco ASA 5512-X
- Cisco ASA 5515-X
- Cisco ASA 5516-X
- Cisco ASA 5520
- Cisco ASA 5525-X
- Cisco ASA 5540
- Cisco ASA 5545-X
- Cisco ASA 5550
- Cisco ASA 5555-X
- Cisco ASA 5580
References
- http://blogs.cisco.com/security/shadow-brokers
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-cli
- http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516
- http://www.securityfocus.com/bid/92520
- http://www.securitytracker.com/id/1036636
- https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40271.zip
- https://www.exploit-db.com/exploits/40271/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-6367
Data: NIST NVD + CISA KEV. NVD last modified 2026-04-22. Always verify against the vendor advisory before acting.