Cisco 7937G Denial Of Service / Privilege Escalation

Exploit Title: Cisco 7937G 1-4-5-7 - DoS/Privilege Escalation Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: =SIP-1-4-5-7 Tested On: SIP-1-4-5-5, SIP-1-4-5-7 !/usr/bin/python import sys import getopt import requests import paramiko import socket import os...

Cisco 7937G - DoS/Privilege Escalation Exploit

Exploit Title: Cisco 7937G 1-4-5-7 - DoS/Privilege Escalation Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: =SIP-1-4-5-7 Tested On: SIP-1-4-5-5, SIP-1-4-5-7 !/usr/bin/python import sys import getopt import requests import paramiko import socket import os def mainargv:...

Cisco 7937G - DoS/Privilege Escalation

Exploit Title: Cisco 7937G 1-4-5-7 - DoS/Privilege Escalation Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: =SIP-1-4-5-7 Tested On: SIP-1-4-5-5, SIP-1-4-5-7 !/usr/bin/python import sys import getopt import requests import paramiko import socket import os...

Cisco 7937G Denial-of-Service Attack

This module exploits a bug in how the conference station handles incoming SSH connections that provide an incompatible key exchange. By connecting with an incompatible key exchange, the device becomes nonresponsive until it is manually power cycled. Module Options msf use...

Cisco 7937G SSH Privilege Escalation

This module exploits a feature that should not be available via the web interface. An unauthenticated user may change the credentials for SSH access to any username and password combination desired, giving access to administrative functions through an SSH connection. Module Options msf use...

Cisco 7937G Denial-of-Service Reboot Attack

This module exploits a bug in how the conference station handles executing a ping via its web interface. By repeatedly executing the ping function without clearing out the resulting output, a DoS is caused that will reset the device after a few minutes. Module Options msf use...

Cisco 7937G Denial of Service Vulnerability

The Cisco 7937G is an online conferencing endpoint device from Cisco USA. A security vulnerability exists in the Cisco 7937G versions 1-4-4-0 through 1-4-5-7. An attacker could exploit the vulnerability to cause a denial of service...

CVE-2020-16137

A privilege escalation issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to reset the credentials for the SSH administrative console to arbitrary values. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being...

CVE-2020-16139

A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the device remotely through sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better...

CVE-2020-16138

A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to remotely disable the device until it is power cycled. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our...

Information disclosure

A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the device remotely through sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better...

Information disclosure

A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to remotely disable the device until it is power cycled. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our...

CVE-2020-16138

CVE-2020-16138 concerns Cisco Unified IP Conference Station 7937G (versions 1-4-4-0 to 1-4-5-7). The core issue is a denial-of-service condition that allows remote disruption of the device, potentially disabling it until a power cycle. The connected records corroborate a DoS/offline impact and sh...

Cisco 7937G Input Validation Error Vulnerability

The Cisco 7937G is an online conferencing endpoint device from Cisco USA. A security vulnerability exists in the Cisco 7937G versions 1-4-4-0 through 1-4-5-7. An attacker could exploit the vulnerability to cause a denial of service...

Cisco 7937G All-In-One Exploiter Exploit

This exploit is an all-in-one tool that leverages vulnerabilities described in CVE-2020-16139, CVE-2020-16138, and CVE-2020-16137 against Cisco 7937G devices versions SIP-1-4-5-7 and below. Exploit Title: Cisco 7937G All-In-One Exploiter Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepag...

Cisco 7937G Denial Of Service Exploit

CVE-2020-16138.py: Exploit Title: Cisco 7937G DoS 2 MSF Module Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: ', 'type': 'cve', 'ref': '2020-', 'type': 'edb', 'ref': '' , 'type': 'dos', 'options': 'rhost': 'type': 'address', 'description': 'Target address...

Cisco 7937G Denial Of Service

CVE-2020-16138.py: Exploit Title: Cisco 7937G DoS 2 MSF Module Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: ', 'type': 'cve', 'ref': '2020-', 'type': 'edb', 'ref': '' , 'type': 'dos', 'options': 'rhost': 'type': 'address', 'description': 'Target address...

PT-2020-14771 · Cisco · Cisco Unified Ip Conference Station 7937G

Name of the Vulnerable Software and Affected Versions: Cisco Unified IP Conference Station 7937G versions 1-4-4-0 through 1-4-5-7 Description: A denial-of-service issue allows attackers to restart the device remotely by sending specially crafted packets. The product is end of life and users are...

Cisco 7937G All-In-One Exploiter

Exploit Title: Cisco 7937G All-In-One Exploiter Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: =SIP-1-4-5-7 Tested On: SIP-1-4-5-5, SIP-1-4-5-7 CVE: CVE-2020-16139, CVE-2020-16138, CVE-2020-16137 !/usr/bin/python import sys import getopt import requests...

PT-2020-14769 · Cisco · Cisco Unified Ip Conference Station 7937G

Name of the Vulnerable Software and Affected Versions: Cisco Unified IP Conference Station 7937G versions 1-4-4-0 through 1-4-5-7 Description: A privilege escalation issue allows attackers to reset the credentials for the SSH administrative console to arbitrary values. The product is end of life...