Executive Risk Summary
A local privilege escalation vulnerability exists in Cisco Adaptive Security Appliance (ASA) Software, allowing attackers to gain elevated privileges via invalid CLI commands. This vulnerability affects ASA 5500, ASA 5500-X, PIX, and FWSM devices running software versions prior to 8.4(1).
Anticipated Attack Path
1. Initial Exploitation: Local attacker sends invalid CLI commands to the ASA device
2. Privilege Escalation: Attacker gains elevated privileges on the device
3. Post-Exploitation: Attacker can perform unauthorized actions, such as modifying device configurations or accessing sensitive data
Am I Vulnerable?
- Verify the ASA software version and ensure it is updated to 8.4(1) or later
- Monitor device logs for suspicious CLI activity
- Restrict access to the device and limit privileges for local users
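One way to automate the version check in the list above across several devices, as an added example that is not part of the original page. It assumes the `show version` banner contains `Software Version X.Y(Z)`, and the hostnames and captured text are constructed.

```python
import re

# Fixed release stated on this page; lower releases are treated as affected.
FIXED_RELEASE = (8, 4, 1, 0)

# ASA release strings look like 8.2(5), 8.4(1) or 9.1(7)4; the digits after
# the parenthesis are an interim build and default to 0 when absent.
BANNER_RE = re.compile(r"Software Version\s+(\d+)\.(\d+)\((\d+)\)(\d+)?")


def parse_release(show_version_text):
    """Return (major, minor, maintenance, interim) or None if no banner is found."""
    match = BANNER_RE.search(show_version_text)
    if match is None:
        return None
    return tuple(int(part or 0) for part in match.groups())


def triage(inventory):
    """Map each hostname to 'affected', 'fixed' or 'unknown'."""
    results = {}
    for host, text in inventory.items():
        release = parse_release(text)
        if release is None:
            results[host] = "unknown"  # needs manual verification, never assume fixed
        elif release < FIXED_RELEASE:
            results[host] = "affected"
        else:
            results[host] = "fixed"
    return results


# Constructed sample captures (hostnames and releases are made up for illustration).
SAMPLE_INVENTORY = {
    "fw-edge-01": "Cisco Adaptive Security Appliance Software Version 8.2(5)59\n",
    "fw-edge-02": "Cisco Adaptive Security Appliance Software Version 8.4(1)\n",
    "fw-core-01": "Cisco Adaptive Security Appliance Software Version 9.1(7)4\n",
    "fw-lab-01": "(no output captured)\n",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Tuple comparison keeps the ordering numeric, so a release such as 8.10(1) sorts above 8.4(1) where a plain string comparison would not.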
Operational Audit Arsenal
Target Type: Process
Target Asset: cli.exe
Standard Path: /usr/local/bin
Manual Verification Required
This is a non-Windows asset (Cisco). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.
Patch Impact Forecast
Reboot Required: Likely
Potential disruption to network traffic and device functionality during the update process
Internal Work Notes
CVE-2016-6367: Local Privilege Escalation Vulnerability in Cisco ASA Software - CLI. Update to 8.4(1) or later and restrict local user access.
Intelligence Sources
- Official Advisory: http://blogs.cisco.com/security/shadow-brokers
- Official Advisory: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-cli
- Official Advisory: http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516
- Official Advisory: http://www.securityfocus.com/bid/92520
- Official Advisory: http://www.securitytracker.com/id/1036636
- Official Advisory: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40271.zip
- Official Advisory: https://www.exploit-db.com/exploits/40271/
- Official Advisory: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-6367
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.