CVE-2016-6461

Published Nov 19, 2016
Last updated 2 years ago
CVSS medium 5.9
Overview

Description: A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. More Information: CSCva38556. Known Affected Releases: 9.1(6.10). Known Fixed Releases: 100.11(0.75) 100.15(0.137) 100.8(40.129) 96.2(0.95) 97.1(0.55) 97.1(12.7) 97.1(6.30).
Source: ykramarz@cisco.com
NVD status: Modified
Risk scores

CVSS 3.0

Type: Primary
Base score: 5.9
Impact score: 3.6
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: CWE-20
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\\(7\\)4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07BC9E2D-0B86-4A82-8CB4-A31FFBF322CE"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\\(7\\)7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6887033-E697-47D0-B6E0-61B64E9D3AC8"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\\(7\\)9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4C1AB6D-F2C5-4726-8792-581E8DCB9EB6"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\\(7\\)11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEA1216C-903C-469D-8615-ECFB3AA29BC9"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\\(7\\)12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0707169B-34B9-4666-8EBD-F5967059D6AC"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1EF48794-2E5D-4BE0-9BB5-49ADE34F4A82"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2\\(0.0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3A13A9C-5387-4670-8E20-FE878946D091"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2\\(0.104\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F7C7DA3-C24B-41BB-BDBE-7DC58EEAC4F8"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2\\(3.1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFC39DA3-8171-4344-A946-7965873C56F3"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9C31567-8AEB-49C6-AA60-4150411D62AA"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA140CB2-C17C-4164-A59A-8585906057BA"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "468D98A7-92D5-4C01-9EDD-CB44B85EA6BB"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BAAC9FE-CCF0-4385-B5E9-FC424CD3EFD5"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C9DEB1C-F9B9-4291-92B5-8EEEADC57E51"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39330218-32FA-42FF-B5CA-288B7D140304"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A92D7CED-D036-414B-B9EB-DCAF7F425A7D"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4AAAB02-140D-46F2-A315-5791BF5A853F"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EB02DBE-6D60-4D0E-8E9D-7611C3C32748"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A2F3C77-89CD-4990-98FA-E896079B6C87"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5D03293-9765-46DB-B53D-1B23D5C14373"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0286DAF0-FACA-4F94-82E9-EAED8750DB7C"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25E77826-1208-4582-A94C-242B601BD456"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD617A59-2A4C-4264-BB5D-0126EF292079"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5B9FC85-13B8-488C-80C4-C29C0E244601"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2E7582A-835E-4A84-B197-EB40EE7985C9"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(1.50\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E044883-9952-477A-B2AA-3E0BB90C96A0"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(1.105\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E26A1B0-D61C-4A25-8E10-02A2E3E7A02B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(2.100\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F4A28B7-87A2-464A-92A8-644E3F7D13D7"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(2.243\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D83ED80-972A-4548-9AB0-10F9A23DF749"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26D99395-D18D-458E-9880-19B7767F69D0"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E4CE047-3FEF-4A72-AD06-EC77D71EBCD9"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED33F68A-9EB0-416A-A0A5-0DF2C349FFEE"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F7DD812-DC72-4816-8B0F-361C32B2CD2F"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC41D4CD-D5EA-4678-B3AA-962C7C937118"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "996C9552-5743-4639-A077-5B057605DF21"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5779CE0-7691-47DA-902C-4D32D6650C9D"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C69BE69-7C19-4ED3-98D3-04B1D41E56FE"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7D12EFD-71D6-480E-97D5-278CCE4A7118"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56AE55AB-8170-4E3A-AF89-A8F79599901A"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B10653A-0E7C-4014-825D-76B5B438D378"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77642A96-EF7F-4138-97BC-B3793EE0FB52"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFE9F46B-DD74-4295-BB6A-9239E29F4416"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.0.115:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8F53875-D589-4C34-B863-67AC9945BED8"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8870EB6E-DAE9-45F9-BBA5-2D20E5E00F83"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B313B0E-4200-427F-A156-1EDA681F439D"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8C49821-3BA5-4B44-84F5-113024FD030F"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2011F264-53A5-4507-843B-46F66D285ADB"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "290AA0BD-EDB0-4BA4-BF85-9CF29A1B7908"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73FB7BAF-7B3E-4091-A90B-FB19B38FFE74"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D2DA09B-CFBA-4FDE-A6D0-7C2CF202D72B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BE2EE9B-D44E-430D-8469-1DF0ADC322B5"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC6B45EB-97BB-4683-9092-95E560B2585F"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D3AA854-0F4D-4B08-A249-B3C19C056D7B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66E55E46-01F5-4C0D-8A69-1BBC590188BD"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.3.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D96BCCA3-958D-41C4-98CE-1A333F9667A7"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.3.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "245E680B-7A2D-4F98-9D59-6ECF70FE882B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.3.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C78E5C3-4D0D-4DFD-AA91-93DD58B195F0"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F831FD5A-1D54-4DFA-9AED-C3F2CBCE4069"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E29F95F5-6957-46F0-A0A2-CCACBBA14F90"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D9EFD6D-A657-4102-982D-7634AC25E75E"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59593836-990A-4CF1-AFBC-516C4A318641"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.2.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5479676D-6B3F-4154-B0D4-D2C81E6C941F"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.2.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F062A64B-7184-49C6-BDF5-8A413B0A85F0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
