High severity8.8CISA KEVNVD Advisory· Published Aug 18, 2016· Updated Apr 22, 2026

CVE-2016-6366

Description

Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.

Affected products

Cisco Systems, Inc./Cisco Adaptive Security Appliance
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Range: >=7.2.1,<9.0.4.40
Cisco Systems, Inc./Asa 1000v Cloud Firewall Software2 versions
cpe:2.3:o:cisco:asa_1000v_cloud_firewall_software:8.7.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:cisco:asa_1000v_cloud_firewall_software:8.7.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:asa_1000v_cloud_firewall_software:8.7.1.1:*:*:*:*:*:*:*
Cisco Systems, Inc./Pix Firewall Software
cpe:2.3:o:cisco:pix_firewall_software:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blogs.cisco.com/security/shadow-brokersnvdExploitPress/Media CoverageVendor Advisory
zerosum0x0.blogspot.com/2016/09/reverse-engineering-cisco-asa-for.htmlnvdExploitTechnical Description
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmpnvdVendor Advisory
tools.cisco.com/security/center/viewErp.xnvdVendor Advisory
www.securityfocus.com/bid/92521nvdBroken LinkNot ApplicableThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1036637nvdBroken LinkThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/40258/nvdThird Party AdvisoryVDB Entry
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.073
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000