diff --git a/documentation/modules/auxiliary/dos/cisco/CVE-2020-16139.md b/documentation/modules/auxiliary/dos/cisco/CVE-2020-16139.md index 4478f76308..9b423652ec 100644 --- a/documentation/modules/auxiliary/dos/cisco/CVE-2020-16139.md +++ b/documentation/modules/auxiliary/dos/cisco/CVE-2020-16139.md 
@@ -1,27 +1,25 @@ ## Vulnerable Application - 1. Obtain a Cisco 7937G Conference Station. - 2. Enable Web Access on the device (default configuration). - 3. It has been observed that based on the firmware available from Cisco, all version are likely vulnerable. + [Cisco 7937G](https://www.cisco.com/c/en/us/support/collaboration-endpoints/unified-ip-conference-station-7937g/model.html) Conference Station. + This module has been tested successfully against SCCP-1-4-5-5 and SCCP-1-4-5-7. + +### Description + +This module exploits a bug in how the conference station handles executing a ping via it's web interface. By repeatedly executing the ping function without clearing out the resulting output, a DoS is caused that will reset the device after a few minutes. ## Verification Steps - 1. Start msfconsole - 2. Do: `use auxiliary/dos/cisco/CVE-2020-16139` - 3. Do: `set RHOST 192.168.1.10` - 4. Do: `run` - 5. The conference station should become inoperable and then power cycle itself. - -## Options - - 1. rhost (required) - Target addres + 1. Obtain a Cisco 7937G Conference Station. + 2. Enable Web Access on the device (default configuration). + 3. Start msfconsole + 4. Do: `use auxiliary/dos/cisco/CVE-2020-16139` + 5. Do: `set RHOST 192.168.1.10` + 6. Do: `run` + 7. The conference station should become nonresponsive and then power cycle itself. ## Scenarios -Because both successful and unsuccessful attacks result in the request timing out, there -is no way to be sure that the attack was completed. It is recommended to attempt a ping -to the device immediately afterward to verify device is offline/reseting. - +### Cisco 7937G SCCP-1-4-5-7 ``` [*] Starting server... [*] 192.168.110.209 - Sending DoS packets. Stand by.
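Review bot: The Scenarios section loses the caveat that both successful and unsuccessful attempts end in a request timeout, so the module output alone does not confirm the result, and nothing in the new text replaces it. Step 7 of Verification Steps only says the station "should become nonresponsive and then power cycle itself"; consider keeping one sentence there, or under the new "Cisco 7937G SCCP-1-4-5-7" scenario, telling the tester to confirm the reset by pinging the device afterward, as the removed paragraph did. In the added Description paragraph, "via it's web interface" should read "its web interface". The first added line under "Vulnerable Application" is a bare product link followed by "Conference Station."; a full sentence naming it as the affected device would read better next to the "tested successfully against SCCP-1-4-5-5 and SCCP-1-4-5-7" line.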