Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-6366


Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.


Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 8.8, indicating it can be exploited remotely over the network with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 45 products from cisco, from cisco, from cisco and 42 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2016, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.


Published

2016-08-18T18:59:00.117

Last Modified

2026-06-17T00:50:54.163

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

6.8

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-120
  • Type: Secondary
    CWE-120

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco pix_firewall_software - Yes
Hardware cisco pix_firewall_501 - No
Hardware cisco pix_firewall_506 - No
Hardware cisco pix_firewall_506e - No
Hardware cisco pix_firewall_515 - No
Hardware cisco pix_firewall_515e - No
Hardware cisco pix_firewall_520 - No
Hardware cisco pix_firewall_525 - No
Hardware cisco pix_firewall_535 - No
Operating System cisco adaptive_security_appliance_software < 9.0.4.40 Yes
Operating System cisco adaptive_security_appliance_software < 9.1.7\(9\) Yes
Operating System cisco adaptive_security_appliance_software < 9.2.4\(14\) Yes
Operating System cisco adaptive_security_appliance_software < 9.3.3\(10\) Yes
Operating System cisco adaptive_security_appliance_software < 9.4.3\(8\) Yes
Operating System cisco adaptive_security_appliance_software ≤ 9.5\(3\) Yes
Operating System cisco adaptive_security_appliance_software < 9.6.1\(11\) Yes
Hardware cisco 7604 - No
Hardware cisco 7606-s - No
Hardware cisco 7609-s - No
Hardware cisco 7613-s - No
Hardware cisco asa_5500 - No
Hardware cisco asa_5500-x - No
Hardware cisco asa_5500_csc-ssm - No
Hardware cisco asa_5505 - No
Hardware cisco asa_5506-x - No
Hardware cisco asa_5506h-x - No
Hardware cisco asa_5506w-x - No
Hardware cisco asa_5508-x - No
Hardware cisco asa_5510 - No
Hardware cisco asa_5512-x - No
Hardware cisco asa_5515-x - No
Hardware cisco asa_5516-x - No
Hardware cisco asa_5520 - No
Hardware cisco asa_5525-x - No
Hardware cisco asa_5540 - No
Hardware cisco asa_5545-x - No
Hardware cisco asa_5550 - No
Hardware cisco asa_5555-x - No
Hardware cisco asa_5580 - No
Hardware cisco asa_5585-x - No
Hardware cisco catalyst_6500 - No
Hardware cisco catalyst_6500-e - No
Hardware cisco catalyst_6503-e - No
Hardware cisco catalyst_6504-e - No
Hardware cisco catalyst_6506-e - No
Hardware cisco catalyst_6509-e - No
Hardware cisco catalyst_6509-neb-a - No
Hardware cisco catalyst_6509-v-e - No
Hardware cisco catalyst_6513 - No
Hardware cisco catalyst_6513-e - No
Operating System cisco asa_1000v_cloud_firewall_software 8.7.1 Yes
Operating System cisco asa_1000v_cloud_firewall_software 8.7.1.1 Yes

References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For cisco's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.