Cisco Content Security Management Virtual Appliance M600V IronPort remote host header injection exploit.
c7a0b8d068fd7c8df937ba5cf737eafcd11bc58ff8f2299b7f69502289c92892Cisco IronPort C350 remote host header injection exploit.
46aa6ec3a6ceb2fb7831a82b780d522b93acdd23c01e01fdc83b7da4ec5aefa9Cisco Email Security Virtual Appliance C370 IronPort remote host header injection exploit.
36b762978c34e1f16ed9d93334f8184be045b42ea6fd1fe3f627d000b31db178Cisco Email Security Virtual Appliance C600V IronPort remote host header injection exploit.
655be479e29923ba9adf959f5e03b50adb87fb428255023f173d521b5c61eff2Cisco C690 Email Security Appliance version 11.0.2-044 IronPort remote host header injection exploit.
6af5adca7d10cef4776a34b1429f256e611964bb3d4f4a3810ee8088b9807707Cisco Email Security Virtual Appliance C100V IronPort remote host header injection exploit.
12bb004fdfdf55d718012ab35bbdf7095552636428ef9dab518a924742d5263bCisco C170 Email Security Appliance version 10.0.3-003 IronPort remote host header injection exploit.
633ae417bb1a1f1ecee9515bd39772702da57955e5320f29a683d8a630063e9eCisco M1070 Content Security Management Appliance IronPort remote host header injection exploit.
5ba21eee4ea148a7f9115d1e1857e91697c72fa25d23cbcf551f8549a4fbe6d0The Cisco UCS Director virtual appliance contains two flaws that can be combined and abused by an attacker to achieve remote code execution as root. The first one, CVE-2019-1937, is an authentication bypass, that allows the attacker to authenticate as an administrator. The second one, CVE-2019-1936, is a command injection in a password change form, that allows the attacker to inject commands that will execute as root. This module combines both vulnerabilities to achieve the unauthenticated command injection as root. It has been tested with Cisco UCS Director virtual machines 6.6.0 and 6.7.0. Note that Cisco also mentions in their advisory that their IMC Supervisor and UCS Director Express are also affected by these vulnerabilities, but this module was not tested with those products.
88e2661eac6ae7e8e4a10814c6417ce137ece9446d83413cd0c6813936fdb7e1This Metasploit module abuses a known default password on Cisco UCS Director. The 'scpuser' has the password of 'scpuser', and allows an attacker to login to the virtual appliance via SSH. This module has been tested with Cisco UCS Director virtual machines 6.6.0 and 6.7.0. Note that Cisco also mentions in their advisory that their IMC Supervisor and UCS Director Express are also affected by these vulnerabilities, but this module was not tested with those products.
94bda7121e042ee09228bf74bbf6f0d5581de7fd36faaa0ab4e892b49f16f89eA vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected. Note: successful exploitation may not result in a session, and as such, on_new_session will never repair the HTTP server, leading to a denial-of-service condition.
2c771b51eb75ada179bdbfecb74aebaee8b16721ebc04a5e5d918a82a211ed0aCisco IronPort C150 suffers from a remote host header injection vulnerability.
ce45780afb7f4d877adb44119292a4a17c67e3b1648fbbc8fcca7490240237a5Cisco (Titsco) Email Security Appliance (IronPort) C160 suffers from a host header injection vulnerability.
c39dc4b54f558e9618390cbfce70fd7a8832ce9236eb26d340893aaede098891Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data suffer from default password, authentication bypass, and command injection vulnerabilities.
38e7a01258bfec09b0882ac7dbf7cd123357ef8737f810d17b3e0ebf1d0c844eThis Metasploit module exploits a security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques.
ccf085e5a044cb918fae95c5556ebbf021851f7abfb9c7fab3ef667e68647642Cisco Catalyst 3850 Series Device Manager version 3.6.10E suffers from a cross site request forgery vulnerability.
a079ae01655e5720718186f31d323af608aeaa58c70c805477a493c24496d12aCisco Wireless Controller version 3.6.10E suffers from a cross site request forgery vulnerability.
9d87c7999f6ffa9dd2fabd3fb997b5926a5fe0f4da7a6b3bc135f20fbdbf7946Cisco Small Business switches versions 200, 300, and 500 suffer from information leakage and open redirection vulnerabilities.
2bb0ac94980c464d3bdf481b45f48e9917e275cf0b9cfd65dffcfed0b11c7913Cisco Data Center Network Manager (DCNM) versions 11.1(1) and below suffer from authentication bypass, arbitrary file upload, arbitrary file download, and information disclosure vulnerabilities.
dfd36cfbc7507485cec0e3cf8334543371b3ffebfedce49529db5c62ccf35e6cThis Metasploit module exploits a vulnerability found in Cisco Prime Infrastructure. The issue is that the TarArchive Java class the HA Health Monitor component uses does not check for any directory traversals while unpacking a Tar file, which can be abused by a remote user to leverage the UploadServlet class to upload a JSP payload to the Apache Tomcat's web apps directory, and gain arbitrary remote code execution. Note that authentication is not required to exploit this vulnerability.
a4ea9f1287ac1dba88becbc65cca9516c214cbb28ac296ea4aab456d25255b07This Metasploit modules exploits a vulnerability in Cisco Prime Infrastructure's runrshell binary. The runrshell binary is meant to execute a shell script as root, but can be abused to inject extra commands in the argument, allowing you to execute anything as root.
2c36a878b4e9bd45ad81ca8fb24a7604744f9f005ad314f116c110e64106d9a4Cisco RV130W version 1.0.3.44 suffers from a remote stack overflow vulnerability.
cf50c981afbcb668852b8ad19be0b75d28bef6b28174ce3ce8eb6a47cb7bcc94THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
56672e253c128abaa6fb19e77f6f59ba6a93762a9ba435505a009ef6d58e8d0eCisco Expressway Gateway version 11.5.1 suffers from a directory traversal vulnerability.
2d21823c888f2d2b908cd05eb0a2166fac4b33a4729b2a9f4b52422d2a88a0f7A vulnerability in the web-based management interface of the Cisco RV130W Wireless-N Multifunction VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. Note: successful exploitation may not result in a session, and as such, on_new_session will never repair the HTTP server, leading to a denial-of-service condition.
09f07f0e9d2f9b46f8c355fbdac1e89d6992aeb917ea250f9d23b8b7c6760b66
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed