parent
27d889a599
commit
b4689dfa2d
|
@ -1,27 +1,25 @@
|
||||||
## Vulnerable Application
|
## Vulnerable Application
|
||||||
|
|
||||||
1. Obtain a Cisco 7937G Conference Station.
|
[Cisco 7937G](https://www.cisco.com/c/en/us/support/collaboration-endpoints/unified-ip-conference-station-7937g/model.html) Conference Station.
|
||||||
2. Enable Web Access on the device (default configuration).
|
This module has been tested successfully against SCCP-1-4-5-5 and SCCP-1-4-5-7.
|
||||||
3. It has been observed that based on the firmware available from Cisco, all version are likely vulnerable.
|
|
||||||
|
### Description
|
||||||
|
|
||||||
|
This module exploits a bug in how the conference station handles executing a ping via it's web interface. By repeatedly executing the ping function without clearing out the resulting output, a DoS is caused that will reset the device after a few minutes.
|
||||||
|
|
||||||
## Verification Steps
|
## Verification Steps
|
||||||
|
|
||||||
1. Start msfconsole
|
1. Obtain a Cisco 7937G Conference Station.
|
||||||
2. Do: `use auxiliary/dos/cisco/CVE-2020-16139`
|
2. Enable Web Access on the device (default configuration).
|
||||||
3. Do: `set RHOST 192.168.1.10`
|
3. Start msfconsole
|
||||||
4. Do: `run`
|
4. Do: `use auxiliary/dos/cisco/CVE-2020-16139`
|
||||||
5. The conference station should become inoperable and then power cycle itself.
|
5. Do: `set RHOST 192.168.1.10`
|
||||||
|
6. Do: `run`
|
||||||
## Options
|
7. The conference station should become nonresponsive and then power cycle itself.
|
||||||
|
|
||||||
1. rhost (required) - Target addres
|
|
||||||
|
|
||||||
## Scenarios
|
## Scenarios
|
||||||
|
|
||||||
Because both successful and unsuccessful attacks result in the request timing out, there
|
### Cisco 7937G SCCP-1-4-5-7
|
||||||
is no way to be sure that the attack was completed. It is recommended to attempt a ping
|
|
||||||
to the device immediately afterward to verify device is offline/reseting.
|
|
||||||
|
|
||||||
```
|
```
|
||||||
[*] Starting server...
|
[*] Starting server...
|
||||||
[*] 192.168.110.209 - Sending DoS packets. Stand by.
|
[*] 192.168.110.209 - Sending DoS packets. Stand by.
|
||||||
|
|
Loading…
Reference in New Issue