Two denial of service exploits for Cisco 7937G versions SIP-1-4-5-7 and below.
6329ae271427ebdd4aca842b16c5bf3f67949255d490ea35dafca48866d48d98
Cisco 7947G versions SIP-1-4-5-7 and below privilege escalation exploit.
34708347a6cf94b31172406fb4db70445cf77dffd562fe392a73bb2f32ce2da0
This exploit is an all-in-one tool that leverages vulnerabilities described in CVE-2020-16139, CVE-2020-16138, and CVE-2020-16137 against Cisco 7937G devices versions SIP-1-4-5-7 and below.
7724dcf86fe3eda058a8dbe264a07cb05296015350554358dc98f2cdd4cc6be1
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
ce08a5148c0ae5ff4b0a4af2f7f15c5946bc939a57eae1bbb6dda19f34410273
Cisco Adaptive Security Appliance Software version 9.7 unauthenticated arbitrary file deletion exploit.
9bff9df7bc31ade0ee6b87d153b448191f71eeb26ef4d1d4589e805582f16722
This Python script checks whether the target server is vulnerable to CVE-2020-3452, a vulnerability in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) products that can allow for remote file disclosure.
f3d076dbbf728c5d5918c4039d0eaa629b5d9f90b1358b60f76542b5b020352c
The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to version 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The attack consists of sending a specially crafted IPC request to TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service. This service will then launch the vulnerable installer component (vpndownloader), which copies itself to an arbitrary location before being executed with system privileges. Since vpndownloader is also vulnerable to DLL hijacking, a specially crafted DLL (dbghelp.dll) is created at the same location vpndownloader will be copied to, in order to get code execution with system privileges. This exploit has been successfully tested against Cisco AnyConnect Secure Mobility Client versions 4.5.04029, 4.5.05030 and 4.7.04056 on Windows 10 version 1909 (x64) and Windows 7 SP1 (x86).
b6d44c2b494378ff342fef57be9d4be4564327103eadabb01ff166ae6dae9bff
This Metasploit module exploits an authentication bypass and directory traversals in Cisco UCS Director versions prior to 6.7.4.0 to leak the administrator's REST API key and execute a Cloupia script containing an arbitrary root command. Note that the primary functionality of this module is to leverage the Cloupia script interpreter to execute code. This functionality is part of the application's intended operation and considered a "foreverday." The authentication bypass and directory traversals only get us there. If you already have an API key, you may set it in the API_KEY option. The LEAK_FILE option may be set if you wish to leak the API key from a different absolute path, but normally this isn't advisable. Tested on Cisco's VMware distribution of 6.7.3.0.
e1a3270999313093f5713647237e1d7494e0c1bc022d9a26053bf23d8ac80fe3
Cisco Digital Network Architecture Center version 1.3.1.4 suffers from a persistent cross site scripting vulnerability.
b79e78cd34f779177fdeb2527036085286faae53fc72ed9b3b21853e608b7b38
Cisco AnyConnect Secure Mobility Client for Windows version 4.8.01090 suffers from a privilege escalation vulnerability due to insecure handling of path names.
8ee614424eee5c4644b331ca89e2c2afc6470c9c8941cb5e0f7d3280686ef76c
Cisco IP Phone version 11.7 denial of service proof of concept exploit.
91023709bd06cb09c03533c7926183d762565f1ac3417ed227ca0ea133cc7045
Cisco Unified Contact Center Express suffers from a privilege escalation vulnerability.
3b4a032f286a08e996bc7bfa0eaa2fdd87978080ffb2a1d130af4339afc53464
Cisco Data Center Network Manager version 11.2.1 remote command injection exploit.
1dc9300d9c7a69f0cd8ed3652186c6007a1037f37260630af559930e809062ce
Cisco Data Center Network Manager version 11.2.1 suffers from a remote SQL injection vulnerability.
437d8b420db1eec19289d0c053fae436486c42eacf69e291ee0cf8ca705ad269
Cisco Data Center Network Manager version 11.2 remote code execution exploit.
74fa98093de0741d04ea7ad307c9b37d10281f82652869e8958f8e6740e6396c
Armis has discovered five critical, zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over devices.
5e3050fbeb1f22ebf589d261aab1741e8ff40e062b5d1b2a93dee1b7c870f8c4
Debian Linux Security Advisory 4607-1 - Lukas Kupczyk reported a vulnerability in the handling of chunked HTTP in openconnect, an open client for Cisco AnyConnect, Pulse and GlobalProtect VPN. A malicious HTTP server (after having accepted its identity certificate) can provide bogus chunk lengths for chunked HTTP encoding and cause a heap-based buffer overflow.
4f4e3fff7bd0509ce1ac161fec38bfda002f9e838f665c2090308e3d7194c086
Cisco DCNM JBoss version 10.4 suffers from a credential leakage vulnerability.
2e290ed0460d004995aa5c6beda5de80054af8fec723414b381b7f8d67e3a1a2
Cisco WLC 2504 version 8.9 suffers from a denial of service vulnerability.
692da50c6c7b702b96f528fe1dd64418fb776f151a11cb9154373c976bd4af4b
Debian Linux Security Advisory 4535-1 - Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code.
1f480636110a11b39ec419c46b823b4198eccd80b372df970a9544c259f933d5
This is a generic arbitrary file overwrite technique, which typically results in remote command execution. This targets a simple yet widespread vulnerability that has been seen affecting a variety of popular products including HP, Amazon, Apache, Cisco, etc. The idea is that archive extraction libraries often have no mitigations against directory traversal attacks. If an application uses such a library, opening a maliciously modified archive can cause the embedded payload to be written to an arbitrary location (such as a web root), resulting in remote code execution.
8f0ccbdfa41b81ddec1fba4936ed5ca28502dd6600b5ac754d4fe23b7ec5988d
Cisco Content Security Virtual Appliance M380 IronPort remote cross site host modification demo exploit.
73c9d99009b7401255bba6a1f56507939d40908be4130273b2c562c5a4a3adb6
Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from hard-coded credentials, known GNU glibc vulnerabilities, known BusyBox vulnerabilities, and vulnerabilities identified by IoT Inspector.
3726cd3c69f647990c48b627f7552d3a2fdba185bb79ef1247f427b865bde817
Cisco Email Security Virtual Appliance C380 IronPort remote host header injection exploit.
22df195418f74a56634bd310b7da36a4fdf581a8903f80d6ae395c7c7f946d92
Cisco Email Security Virtual Appliance C300V IronPort remote host header injection exploit.
b2a95ef79610176da5267a46a9488b05662546d359c6b416942f91ac57d5e952