metasploit-gs/documentation/modules/exploit/linux/http/cisco_prime_inf_rce.md
2018-10-15 22:37:47 +07:00

Cisco Prime Infrastructure (CPI) contains two basic flaws that, when exploited, allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege escalation to root by bypassing execution restrictions in a SUID binary.

Vulnerable Application

    This module exploits these vulnerabilities to achieve unauthenticated remote code execution
    as root on the CPI default installation.
    This module has been tested with CPI 3.2.0.0.258 and 3.4.0.0.348. Earlier and later versions
    might also be affected, although 3.4.0.0.348 is the latest at the time of writing.
    The file upload vulnerability should have been fixed in versions 3.4.1 and 3.3.1 Update 02.
         
    The vulnerable virtual appliances can be obtained by Cisco customers from the Cisco software 
    download portal.
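
For patch triage, the version statements above can be turned into an inventory check. This is an added example, not part of the module or its original documentation; the function names, hostnames and the separately recorded `update` number for the 3.3.1 train are assumptions, and the sample rows are constructed.

```python
import re

# Fix levels as stated on this page: 3.4.1 and 3.3.1 Update 02.
FIXED_34_TRAIN = (3, 4, 1)
FIXED_33_TRAIN = (3, 3, 1)
FIXED_33_UPDATE = 2

def parse_version(text):
    """'3.4.0.0.348' -> (3, 4, 0, 0, 348); raises ValueError on anything else."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){2,4}", text):
        raise ValueError(f"unrecognised CPI version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def triage(version, update=None):
    """Return 'fixed', 'affected' or 'unknown' for one appliance.

    update: installed Update number on the 3.3.1 train (assumed to be
    recorded separately, since it is not part of the dotted version).
    """
    train = parse_version(version)[:3]
    if train >= FIXED_34_TRAIN:
        return "fixed"        # assumes later releases keep the fix
    if train == FIXED_33_TRAIN:
        if update is None:
            return "unknown"  # cannot decide without the update level
        return "fixed" if update >= FIXED_33_UPDATE else "affected"
    if FIXED_33_TRAIN < train < (3, 4, 0):
        return "unknown"      # e.g. 3.3.2: the page does not say
    return "affected"         # conservative; covers 3.2.0.0.258 and 3.4.0.0.348

def triage_inventory(rows):
    """rows: (host, version, update) tuples; unparseable versions -> 'unknown'."""
    result = {}
    for host, version, update in rows:
        try:
            result[host] = triage(version, update)
        except ValueError:
            result[host] = "unknown"
    return result

# Constructed sample inventory (placeholder hostnames).
SAMPLE = [("cpi-a.example", "3.2.0.0.258", None),
          ("cpi-b.example", "3.3.1.0.1", None),
          ("cpi-c.example", "3.4.1.0.1", None)]
```

Hosts reported as `unknown` need a manual check of the installed update level before they are treated as patched.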

Info

Provided by:
  Pedro Ribeiro <pedrib@gmail.com>

Available targets:
  Id  Name
  --  ----
  0   Cisco Prime Infrastructure < 3.4.1 & 3.3.1 Update 02

Check supported:
  Yes

Basic options:
  Name        Current Setting  Required  Description
  ----        ---------------  --------  -----------
  Proxies                      no        A proxy chain of format type:host:port[,type:host:port][...]
  RHOSTS                       yes       The target address range or CIDR identifier
  RPORT       443              yes       The target port (TCP)
  RPORT_TFTP  69               yes       TFTPD port
  SSL         true             yes       Use SSL connection
  TARGETURI   /swimtemp        yes       swimtemp path
  VHOST                        no        HTTP server virtual host