Details of VAR-E-201608-0267

ID

VAR-E-201608-0267

CVE

cve_id:

CVE-2016-6366

Trust: 1.3

sources: BID: 92521 // EXPLOIT-DB: 40258

EDB ID

40258

TITLE

Cisco ASA 8.x - 'EXTRABACON' Authentication Bypass - Hardware remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 40258

DESCRIPTION

Cisco ASA 8.x - 'EXTRABACON' Authentication Bypass. CVE-2016-6366 . remote exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 40258

AFFECTED PRODUCTS

vendor:	cisco	model:	asa	scope:	eq	version:	8.x	Trust: 1.6
vendor:	cisco	model:	pix firewalls	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	firepower asa security module	scope:	eq	version:	93000	Trust: 0.3
vendor:	cisco	model:	asa services module for cisco catalyst series switches	scope:	eq	version:	65000	Trust: 0.3
vendor:	cisco	model:	asa series next-generation firewalls	scope:	eq	version:	5500-x0	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliances	scope:	eq	version:	55000	Trust: 0.3
vendor:	cisco	model:	asa cloud firewall	scope:	eq	version:	1000v0	Trust: 0.3
vendor:	cisco	model:	adaptive security virtual appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	series routers	scope:	eq	version:	76000	Trust: 0.3

sources: BID: 92521 // EXPLOIT-DB: 40258 // EDBNET: 87420

EXPLOIT

# Exploit Title: Cisco ASA 8.X Authentication Bypass
# Date: 17-08-2016
# Exploit Author: Equation Group
# Vendor Homepage: Cisco
# Software Link: Cisco
# Version: Cisco ASA 8.X
# Tested on: Cisco ASA 8.4.2
# CVE : Not sure

Requirements:
* SNMP read (public) string
* Access to SNMP service
* SSH port accessible

Full Exploit:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40258.zip

Trust: 1.0

sources: EXPLOIT-DB: 40258

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 40258

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 40258

TYPE

'EXTRABACON' Authentication Bypass

Trust: 1.0

sources: EXPLOIT-DB: 40258

CREDITS

Shadow Brokers

Trust: 0.6

sources: EXPLOIT-DB: 40258

EXTERNAL IDS

db:	EXPLOIT-DB	id:	40258	Trust: 1.6
db:	NVD	id:	CVE-2016-6366	Trust: 1.3
db:	EDBNET	id:	87420	Trust: 0.6
db:	BID	id:	92521	Trust: 0.3

sources: BID: 92521 // EXPLOIT-DB: 40258 // EDBNET: 87420

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2016-6366	Trust: 1.0
url:	https://www.exploit-db.com/exploits/40258/	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160817-asa-snmp	Trust: 0.3
url:	http://blogs.cisco.com/security/shadow-brokers	Trust: 0.3

sources: BID: 92521 // EXPLOIT-DB: 40258 // EDBNET: 87420

SOURCES

db:	BID	id:	92521
db:	EXPLOIT-DB	id:	40258
db:	EDBNET	id:	87420

LAST UPDATE DATE

2022-07-27T09:54:05.646000+00:00

SOURCES UPDATE DATE

db:

BID

id:

92521

date:

2016-08-17T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	92521	date:	2016-08-17T00:00:00
db:	EXPLOIT-DB	id:	40258	date:	2016-08-18T00:00:00
db:	EDBNET	id:	87420	date:	2016-08-18T00:00:00