Cisco ASA Software CLI Invalid Command Invocation (cisco-sa-20160817-asa-cli) (EPICBANANA)
Medium Nessus Plugin ID 93347
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
The Cisco Adaptive Security Appliance (ASA) is missing a vendor-supplied security patch. It is, therefore, affected by a flaw in the command-line interface (CLI) parser related to processing invalid commands. An authenticated, local attacker can exploit this, via certain invalid commands, to cause a denial of service condition or the execution of arbitrary code.
EPICBANANA is one of multiple Equation Group vulnerabilities and exploits disclosed on 2016/08/14 by a group known as the Shadow Brokers.
Solution
Upgrade to the relevant fixed version referenced in Cisco Security Advisory cisco-sa-20160817-asa-cli.