CVE-2016-6461

A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. More Information: CSCva38556. Known Affected Releases: 9.1(6.10). Known Fixed Releases: 100.11(0.75) 100.15(0.137) 100.8(40.129) 96.2(0.95) 97.1(0.55) 97.1(12.7) 97.1(6.30).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
ciscoadaptive_security_appliance_software
9.1\(7\)4
ciscoadaptive_security_appliance_software
9.1\(7\)7
ciscoadaptive_security_appliance_software
9.1\(7\)9
ciscoadaptive_security_appliance_software
9.1\(7\)11
ciscoadaptive_security_appliance_software
9.1\(7\)12
ciscoadaptive_security_appliance_software
9.1.6.10
ciscoadaptive_security_appliance_software
9.2\(0.0\)
ciscoadaptive_security_appliance_software
9.2\(0.104\)
ciscoadaptive_security_appliance_software
9.2\(3.1\)
ciscoadaptive_security_appliance_software
9.2.1
ciscoadaptive_security_appliance_software
9.2.2
ciscoadaptive_security_appliance_software
9.2.2.4
ciscoadaptive_security_appliance_software
9.2.2.7
ciscoadaptive_security_appliance_software
9.2.2.8
ciscoadaptive_security_appliance_software
9.2.3
ciscoadaptive_security_appliance_software
9.2.3.3
ciscoadaptive_security_appliance_software
9.2.3.4
ciscoadaptive_security_appliance_software
9.2.4
ciscoadaptive_security_appliance_software
9.2.4.4
ciscoadaptive_security_appliance_software
9.2.4.8
ciscoadaptive_security_appliance_software
9.2.4.10
ciscoadaptive_security_appliance_software
9.2.4.13
ciscoadaptive_security_appliance_software
9.2.4.14
ciscoadaptive_security_appliance_software
9.2.4.16
ciscoadaptive_security_appliance_software
9.2.4.17
ciscoadaptive_security_appliance_software
9.3\(1.50\)
ciscoadaptive_security_appliance_software
9.3\(1.105\)
ciscoadaptive_security_appliance_software
9.3\(2.100\)
ciscoadaptive_security_appliance_software
9.3\(2.243\)
ciscoadaptive_security_appliance_software
9.3.1
ciscoadaptive_security_appliance_software
9.3.1.1
ciscoadaptive_security_appliance_software
9.3.2
ciscoadaptive_security_appliance_software
9.3.2.2
ciscoadaptive_security_appliance_software
9.3.3
ciscoadaptive_security_appliance_software
9.3.3.1
ciscoadaptive_security_appliance_software
9.3.3.2
ciscoadaptive_security_appliance_software
9.3.3.5
ciscoadaptive_security_appliance_software
9.3.3.6
ciscoadaptive_security_appliance_software
9.3.3.9
ciscoadaptive_security_appliance_software
9.3.3.10
ciscoadaptive_security_appliance_software
9.3.3.11
ciscoadaptive_security_appliance_software
9.3.5
ciscoadaptive_security_appliance_software
9.4.0.115
ciscoadaptive_security_appliance_software
9.4.1
ciscoadaptive_security_appliance_software
9.4.1.1
ciscoadaptive_security_appliance_software
9.4.1.2
ciscoadaptive_security_appliance_software
9.4.1.3
ciscoadaptive_security_appliance_software
9.4.1.5
ciscoadaptive_security_appliance_software
9.4.2
ciscoadaptive_security_appliance_software
9.4.2.3
ciscoadaptive_security_appliance_software
9.4.3
ciscoadaptive_security_appliance_software
9.4.3.3
ciscoadaptive_security_appliance_software
9.4.3.4
ciscoadaptive_security_appliance_software
9.4.3.6
ciscoadaptive_security_appliance_software
9.4.3.8
ciscoadaptive_security_appliance_software
9.4.3.11
ciscoadaptive_security_appliance_software
9.4.3.12
ciscoadaptive_security_appliance_software
9.4.4
ciscoadaptive_security_appliance_software
9.5.1
ciscoadaptive_security_appliance_software
9.5.2
ciscoadaptive_security_appliance_software
9.5.2.6
ciscoadaptive_security_appliance_software
9.5.2.10
ciscoadaptive_security_appliance_software
9.5.2.14
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/94365
http://www.securitytracker.com/id/1037306
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa
http://www.securityfocus.com/bid/94365
http://www.securitytracker.com/id/1037306
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa