CVE-2016-6461
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
19/11/2016
Last modified:
12/04/2025
Description
A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. More Information: CSCva38556. Known Affected Releases: 9.1(6.10). Known Fixed Releases: 100.11(0.75) 100.15(0.137) 100.8(40.129) 96.2(0.95) 97.1(0.55) 97.1(12.7) 97.1(6.30).
Impact
Base Score 3.x
5.90
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\(7\)4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\(7\)7:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\(7\)9:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\(7\)11:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\(7\)12:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2\(0.0\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2\(0.104\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2\(3.1\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.7:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.8:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/bid/94365
- http://www.securitytracker.com/id/1037306
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa
- http://www.securityfocus.com/bid/94365
- http://www.securitytracker.com/id/1037306
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa