CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.6%
Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | adaptive_security_appliance_software | * | cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* |
cisco | asa_5500 | - | cpe:2.3:h:cisco:asa_5500:-:*:*:*:*:*:*:* |
cisco | asa_5500-x | - | cpe:2.3:h:cisco:asa_5500-x:-:*:*:*:*:*:*:* |
cisco | asa_5500_csc-ssm | - | cpe:2.3:h:cisco:asa_5500_csc-ssm:-:*:*:*:*:*:*:* |
cisco | asa_5505 | - | cpe:2.3:h:cisco:asa_5505:-:*:*:*:*:*:*:* |
cisco | asa_5506-x | - | cpe:2.3:h:cisco:asa_5506-x:-:*:*:*:*:*:*:* |
cisco | asa_5506h-x | - | cpe:2.3:h:cisco:asa_5506h-x:-:*:*:*:*:*:*:* |
cisco | asa_5506w-x | - | cpe:2.3:h:cisco:asa_5506w-x:-:*:*:*:*:*:*:* |
cisco | asa_5508-x | - | cpe:2.3:h:cisco:asa_5508-x:-:*:*:*:*:*:*:* |
cisco | asa_5510 | - | cpe:2.3:h:cisco:asa_5510:-:*:*:*:*:*:*:* |
blogs.cisco.com/security/shadow-brokers
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-cli
tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516
www.securityfocus.com/bid/92520
www.securitytracker.com/id/1036636
github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40271.zip
www.exploit-db.com/exploits/40271/
More
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.6%