From 38ad735b04b1893b31ec790faee11d47581794d6 Mon Sep 17 00:00:00 2001 From: Pedro Ribeiro Date: Mon, 15 Oct 2018 22:35:26 +0700 Subject: [PATCH] Create cisco_prime_inf_rce.md --- .../exploit/linux/http/cisco_prime_inf_rce.md | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 documentation/modules/exploit/linux/http/cisco_prime_inf_rce.md diff --git a/documentation/modules/exploit/linux/http/cisco_prime_inf_rce.md b/documentation/modules/exploit/linux/http/cisco_prime_inf_rce.md new file mode 100644 index 0000000000..6a4aff4cec --- /dev/null +++ b/documentation/modules/exploit/linux/http/cisco_prime_inf_rce.md 
@@ -0,0 +1,33 @@ +Cisco Prime Infrastructure (CPI) contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege escalation to root by bypassing execution restrictions in a SUID binary. + +## Vulnerable Application + + This module exploits these vulnerabilities to achieve unauthenticated remote code execution as root on the CPI default installation. + This module has been tested with CPI 3.2.0.0.258 and 3.4.0.0.348. Earlier and later versions might also be affected, although 3.4.0.0.348 is the latest at the time of writing. + The file upload vulnerability should have been fixed in versions 3.4.1 and 3.3.1 Update 02. + + The vulnerable virtual appliances can be obtained by Cisco customers from the Cisco software download portal. + +## Info + +Provided by: + Pedro Ribeiro + +Available targets: + Id Name + -- ---- + 0 Cisco Prime Infrastructure < 3.4.1 & 3.3.1 Update 02 + +Check supported: + Yes + +Basic options: + Name Current Setting Required Description + ---- --------------- -------- ----------- + Proxies no A proxy chain of format type:host:port[,type:host:port][...] + RHOSTS yes The target address range or CIDR identifier + RPORT 443 yes The target port (TCP) + RPORT_TFTP 69 yes TFTPD port + SSL true yes Use SSL connection + TARGETURI /swimtemp yes swimtemp path + VHOST no HTTP server virtual host
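Review bot: The "## Info" section at the end of the new file is pasted console output (the "Available targets" and "Basic options" tables) with no code fence, so the space-aligned columns will not survive markdown rendering, and it tells the reader nothing beyond what the module metadata already carries. I would fence it or, better, replace it with a short options section that explains the non-default settings: RPORT_TFTP is described only as "TFTPD port" and TARGETURI only as "swimtemp path", with no word on what role either plays. In "Vulnerable Application", the fix statement covers only the file upload ("should have been fixed in versions 3.4.1 and 3.3.1 Update 02"); please say whether the SUID privilege escalation is addressed in those releases or is still open, and reconcile that with "Earlier and later versions might also be affected" so an administrator can tell which versions to upgrade to. The target name "< 3.4.1 & 3.3.1 Update 02" is also ambiguous for the 3.3.x branch and would read better as two explicit version ranges. There is also no example run showing what a successful check and session look like against one of the tested versions (3.2.0.0.258 or 3.4.0.0.348), which would help someone validate a patched appliance.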