Cisco Modeling Labs version 2.1.1-b19 remote command execution exploit.
a1d30ba3be5b867dccae401fb8872c58This Metasploit module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform's /upload endpoint to upload and execute a payload as the Tomcat user.
4e68353612f3c0f049691f3af33362bfThis Metasploit module exploits an unauthenticated command injection in Cisco HyperFlex HX Data Platform's /storfs-asup endpoint to execute shell commands as the Tomcat user.
84909084ffbe70c31014516f90109679Cisco SD-WAN vManage version 19.2.2 remote root shell proof of concept exploit that leverages multiple vulnerabilities.
a4bd588c350b9a327fc445d03fadab85Cisco RV-series routers suffer from an authentication bypass vulnerability. The RV34X series are also affected by a command injection vulnerability in the sessionid cookie, when requesting the /upload endpoint. A combination of these issues would allow any person who is able to communicate with the web interface to run arbitrary system commands on the router as the www-data user. Vulnerable versions include RV16X/RV26X versions 1.0.01.02 and below and RV34X versions 1.0.03.20 and below.
c12d03c8d1125957763a439d71aa925eTHC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
7bd30001cd11ba535f0d0f083a45bce3Cisco UCS Manager version 2.2(1d) remote command execution exploit. An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.
483ae8252192dee26cf8c9814dc78eb9Cisco RV110W version 1.2.1.7 vpn_account denial of service proof of concept exploit.
22bfead549943dbe0007ce4ce4a7b6f5Cisco ASA version 9.14.1.10 and FTD version 6.6.0.1 path traversal exploit. Original discovery of this vulnerability is attributed to 3ndG4me in October of 2020.
7cf23b4f5854a2f296a17705db8fae41Cisco 7937G suffers from denial of service and privilege escalation vulnerabilities.
f210efc45d545be62045827b6fd91890Cisco ASA and FTD version 9.6.4.42 suffer from a path traversal vulnerability.
48f25de33c55a08e792d3ab4713f7f58The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.9.00086 is vulnerable to a DLL hijacking and allows local attackers to execute code on the affected machine with with system level privileges. Both attacks consist in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service.
6dab51a6758b6569e7dba4af74f482edTwo denial of service exploits for Cisco 7937G versions SIP-1-4-5-7 and below.
5534c1f0e1f875aee45b3734baba6fdbCisco 7947G versions SIP-1-4-5-7 and below privilege escalation exploit.
50b203b494ce1d079936d6dbb4a3f309This exploit is an all-in-one tool that leverages vulnerabilities described in CVE-2020-16139, CVE-2020-16138, and CVE-2020-16137 against Cisco 7937G devices versions SIP-1-4-5-7 and below.
9eb60ef20d0f3abf883446a0c58b2d27THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
7a2f54980ce44aff0cc047fb75751dbaCisco Adaptive Security Appliance Software version 9.7 unauthenticated arbitrary file deletion exploit.
2053bb9eac204ac9b709cb174adc0f1dThis Python script checks whether the target server is vulnerable to CVE-2020-3452, a vulnerability in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) products that can allow for remote file disclosure.
ce6d90fc11286f40ae29b48e9bcc545dThe installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to version 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The attack consists in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service. This service will then launch the vulnerable installer component (vpndownloader), which copies itself to an arbitrary location before being executed with system privileges. Since vpndownloader is also vulnerable to DLL hijacking, a specially crafted DLL (dbghelp.dll) is created at the same location vpndownloader will be copied to get code execution with system privileges. This exploit has been successfully tested against Cisco AnyConnect Secure Mobility Client versions 4.5.04029, 4.5.05030 and 4.7.04056 on Windows 10 version 1909 (x64) and Windows 7 SP1 (x86).
0ce466f922be78b19e5b1169c13ef711This Metasploit module exploits an authentication bypass and directory traversals in Cisco UCS Director versions prior to 6.7.4.0 to leak the administrator's REST API key and execute a Cloupia script containing an arbitrary root command. Note that the primary functionality of this module is to leverage the Cloupia script interpreter to execute code. This functionality is part of the application's intended operation and considered a "foreverday." The authentication bypass and directory traversals only get us there. If you already have an API key, you may set it in the API_KEY option. The LEAK_FILE option may be set if you wish to leak the API key from a different absolute path, but normally this isn't advisable. Tested on Cisco's VMware distribution of 6.7.3.0.
a3283617421910d08a845659be600c53Cisco Digital Network Architecture Center version 1.3.1.4 suffers from a persistent cross site scripting vulnerability.
feb8e9e65a6290bd7cb40a92790b9e16Cisco AnyConnect Secure Mobility Client for Windows version 4.8.01090 suffer from a privilege escalation vulnerability due to insecure handling of path names.
e5a3959bc7c5608c73bf90960397d443Cisco IP Phone version 11.7 denial of service proof of concept exploit.
9ae93c7c36b4741bda68dc135166ed33Cisco Unified Contact Center Express suffers from a privilege escalation vulnerability.
614b86f032bbc9466892166a5a1742b9Cisco Data Center Network Manager version 11.2.1 remote command injection exploit.
f78d9a450e8dddba0757fc613e10da7a
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed