Medium severity5.3NVD Advisory· Published Jul 12, 2016· Updated May 6, 2026

CVE-2016-1445

Description

Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cisco ASA Software 8.2-9.4.3.3 allows unauthenticated remote attackers to bypass ICMP Echo Reply ACLs due to improper subtype handling.

Vulnerability

Cisco Adaptive Security Appliance (ASA) Software versions 8.2 through 9.4.3.3 contain an access control list (ACL) bypass vulnerability in the handling of ICMP echo reply messages [1]. The flaw stems from improper filtering of ICMP echo request subtypes when ACL rules are applied, allowing traffic that should be denied by security policies to be permitted [1].

Exploitation

An unauthenticated, remote attacker can exploit this vulnerability by sending crafted ICMP echo request traffic to an affected Cisco ASA device [1]. No authentication or special network position is required beyond network access to the device. The attack does not require user interaction.

Impact

Successful exploitation allows the attacker to bypass configured ACLs, resulting in ICMP traffic that should be blocked being allowed through the device [1]. This could enable information disclosure or network reconnaissance by allowing ping responses that would otherwise be denied.

Mitigation

Cisco released software updates to address this vulnerability in July 2016 [1]. There are no workarounds available. Users must upgrade to a fixed version (9.4.3.4 or later, depending on the release train). This vulnerability is not known to be listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

References

Cisco Security Advisory: Cisco Adaptive Security Appliance Access Control List ICMP Echo Request Code Filtering Vulnerability

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./Cisco Adaptive Security Appliance2 versions
cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*range: >=8.2,<9.4.3.3
- cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*range: >=9.5.0,<9.5.2.10
Cisco Systems, Inc./Adaptive Security Appliance (ASA) Softwarellm-fuzzy
Range: >=8.2, <=9.4.3.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160711-asanvdVendor Advisory
www.securityfocus.com/bid/91693nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1036271nvdBroken LinkThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000