Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-6461

A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. More Information: CSCva38556. Known Affected Releases: 9.1(6.10). Known Fixed Releases: 100.11(0.75) 100.15(0.137) 100.8(40.129) 96.2(0.95) 97.1(0.55) 97.1(12.7) 97.1(6.30).

Published

2016-11-19T03:03:04.570

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	adaptive_security_appliance_software	9.1\(7\)4	Yes
Operating System	cisco	adaptive_security_appliance_software	9.1\(7\)7	Yes
Operating System	cisco	adaptive_security_appliance_software	9.1\(7\)9	Yes
Operating System	cisco	adaptive_security_appliance_software	9.1\(7\)11	Yes
Operating System	cisco	adaptive_security_appliance_software	9.1\(7\)12	Yes
Operating System	cisco	adaptive_security_appliance_software	9.1.6.10	Yes
Operating System	cisco	adaptive_security_appliance_software	9.2\(0.0\)	Yes
Operating System	cisco	adaptive_security_appliance_software	9.2\(0.104\)	Yes
Operating System	cisco	adaptive_security_appliance_software	9.2\(3.1\)	Yes
Operating System	cisco	adaptive_security_appliance_software	9.2.1	Yes
Operating System	cisco	adaptive_security_appliance_software	9.2.2	Yes
Operating System	cisco	adaptive_security_appliance_software	9.2.2.4	Yes
Operating System	cisco	adaptive_security_appliance_software	9.2.2.7	Yes
Operating System	cisco	adaptive_security_appliance_software	9.2.2.8	Yes
Operating System	cisco	adaptive_security_appliance_software	9.2.3	Yes
Operating System	cisco	adaptive_security_appliance_software	9.2.3.3	Yes
Operating System	cisco	adaptive_security_appliance_software	9.2.3.4	Yes
Operating System	cisco	adaptive_security_appliance_software	9.2.4	Yes
Operating System	cisco	adaptive_security_appliance_software	9.2.4.4	Yes
Operating System	cisco	adaptive_security_appliance_software	9.2.4.8	Yes
Operating System	cisco	adaptive_security_appliance_software	9.2.4.10	Yes
Operating System	cisco	adaptive_security_appliance_software	9.2.4.13	Yes
Operating System	cisco	adaptive_security_appliance_software	9.2.4.14	Yes
Operating System	cisco	adaptive_security_appliance_software	9.2.4.16	Yes
Operating System	cisco	adaptive_security_appliance_software	9.2.4.17	Yes
Operating System	cisco	adaptive_security_appliance_software	9.3\(1.50\)	Yes
Operating System	cisco	adaptive_security_appliance_software	9.3\(1.105\)	Yes
Operating System	cisco	adaptive_security_appliance_software	9.3\(2.100\)	Yes
Operating System	cisco	adaptive_security_appliance_software	9.3\(2.243\)	Yes
Operating System	cisco	adaptive_security_appliance_software	9.3.1	Yes
Operating System	cisco	adaptive_security_appliance_software	9.3.1.1	Yes
Operating System	cisco	adaptive_security_appliance_software	9.3.2	Yes
Operating System	cisco	adaptive_security_appliance_software	9.3.2.2	Yes
Operating System	cisco	adaptive_security_appliance_software	9.3.3	Yes
Operating System	cisco	adaptive_security_appliance_software	9.3.3.1	Yes
Operating System	cisco	adaptive_security_appliance_software	9.3.3.2	Yes
Operating System	cisco	adaptive_security_appliance_software	9.3.3.5	Yes
Operating System	cisco	adaptive_security_appliance_software	9.3.3.6	Yes
Operating System	cisco	adaptive_security_appliance_software	9.3.3.9	Yes
Operating System	cisco	adaptive_security_appliance_software	9.3.3.10	Yes
Operating System	cisco	adaptive_security_appliance_software	9.3.3.11	Yes
Operating System	cisco	adaptive_security_appliance_software	9.3.5	Yes
Operating System	cisco	adaptive_security_appliance_software	9.4.0.115	Yes
Operating System	cisco	adaptive_security_appliance_software	9.4.1	Yes
Operating System	cisco	adaptive_security_appliance_software	9.4.1.1	Yes
Operating System	cisco	adaptive_security_appliance_software	9.4.1.2	Yes
Operating System	cisco	adaptive_security_appliance_software	9.4.1.3	Yes
Operating System	cisco	adaptive_security_appliance_software	9.4.1.5	Yes
Operating System	cisco	adaptive_security_appliance_software	9.4.2	Yes
Operating System	cisco	adaptive_security_appliance_software	9.4.2.3	Yes
Operating System	cisco	adaptive_security_appliance_software	9.4.3	Yes
Operating System	cisco	adaptive_security_appliance_software	9.4.3.3	Yes
Operating System	cisco	adaptive_security_appliance_software	9.4.3.4	Yes
Operating System	cisco	adaptive_security_appliance_software	9.4.3.6	Yes
Operating System	cisco	adaptive_security_appliance_software	9.4.3.8	Yes
Operating System	cisco	adaptive_security_appliance_software	9.4.3.11	Yes
Operating System	cisco	adaptive_security_appliance_software	9.4.3.12	Yes
Operating System	cisco	adaptive_security_appliance_software	9.4.4	Yes
Operating System	cisco	adaptive_security_appliance_software	9.5.1	Yes
Operating System	cisco	adaptive_security_appliance_software	9.5.2	Yes
Operating System	cisco	adaptive_security_appliance_software	9.5.2.6	Yes
Operating System	cisco	adaptive_security_appliance_software	9.5.2.10	Yes
Operating System	cisco	adaptive_security_appliance_software	9.5.2.14	Yes

References

http://www.securityfocus.com/bid/94365 ([email protected])
http://www.securitytracker.com/id/1037306 ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/94365 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1037306 (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)