CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Metasploit Modules Related To Cisco

CVE-2000-380  Cisco IOS HTTP GET /%% Request Denial of Service
This module triggers a Denial of Service condition in the Cisco IOS HTTP server. By sending a GET request for "/%%", the device becomes unresponsive. IOS 11.1 -> 12.1 are reportedly vulnerable. This module tested successfully against a Cisco 1600 Router IOS v11.2(18)P.
Module type : auxiliary Rank : normal
CVE-2000-945  Cisco Device HTTP Device Manager Access
This module gathers data from a Cisco device (router or switch) with the device manager web interface exposed. The USERNAME and PASSWORD options can be used to specify authentication.
Module type : auxiliary Rank : normal
CVE-2001-537  Cisco IOS HTTP Unauthorized Administrative Access
This module exploits a vulnerability in the Cisco IOS HTTP Server. By sending a GET request for "/level/num/exec/..", where num is between 16 and 99, it is possible to bypass authentication and obtain full system control. IOS 11.3 -> 12.2 are reportedly vulnerable. This module tested successfully against a Cisco 1600 Router IOS v11.3(11d).
Module type : auxiliary Rank : normal
CVE-2002-1359  PuTTY Buffer Overflow
This module exploits a buffer overflow in the PuTTY SSH client that is triggered through a validation error in SSH.c. This vulnerability affects versions 0.53 and earlier.
Module type : exploit Rank : normal Platforms : Windows
CVE-2006-4313  Cisco VPN Concentrator 3000 FTP Unauthorized Administrative Access
This module tests for a logic vulnerability in the Cisco VPN Concentrator 3000 series. It is possible to execute some FTP statements without authentication (CWD, RNFR, MKD, RMD, SIZE, CDUP). It also appears to have some memory leak bugs when working with CWD commands. This module simply creates an arbitrary directory, verifies that the directory has been created, then deletes it and verifies deletion to confirm the bug.
Module type : auxiliary Rank : normal
CVE-2008-3558  WebEx UCF atucfobj.dll ActiveX NewObject Method Buffer Overflow
This module exploits a stack-based buffer overflow in WebEx's WebexUCFObject ActiveX Control. If an long string is passed to the 'NewObject' method, a stack- based buffer overflow will occur when copying attacker-supplied data using the sprintf function. It is noteworthy that this vulnerability was discovered and reported by multiple independent researchers. To quote iDefense's advisory, "Before this issue was publicly reported, at least three independent security researchers had knowledge of this issue; thus, it is reasonable to believe that even more people were aware of this issue before disclosure." NOTE: Due to input restrictions, this exploit uses a heap-spray to get the payload into memory unmodified.
Module type : exploit Rank : good Platforms : Windows
CVE-2011-951  Cisco Secure ACS Unauthorized Password Change
This module exploits an authentication bypass issue which allows arbitrary password change requests to be issued for any user in the local store. Instances of Secure ACS running version 5.1 with patches 3, 4, or 5 as well as version 5.2 with either no patches or patches 1 and 2 are vulnerable.
Module type : auxiliary Rank : normal
CVE-2011-2039  Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute
This module exploits a vulnerability in the Cisco AnyConnect VPN client vpnweb.ocx ActiveX control. This control is typically used to install the VPN client. An attacker can set the 'url' property which is where the control tries to locate the files needed to install the client. The control tries to download two files from the site specified within the 'url' property. One of these files it will be stored in a temporary directory and executed.
Module type : exploit Rank : excellent Platforms : Windows
CVE-2011-3305  Cisco Network Access Manager Directory Traversal Vulnerability
This module tests whether a directory traversal vulnerablity is present in versions of Cisco Network Access Manager 4.8.x You may wish to change FILE (e.g. passwd or hosts), MAXDIRS and RPORT depending on your environment.
Module type : auxiliary Rank : normal
CVE-2012-284  Cisco Linksys PlayerPT ActiveX Control SetSource sURL Argument Buffer Overflow
This module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as the installed with the web interface of Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability, due to the insecure usage of sprintf in the SetSource method, when handling a specially crafted sURL argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page.
Module type : exploit Rank : normal Platforms : Windows
CVE-2013-5486  Cisco Prime Data Center Network Manager Arbitrary File Upload
This module exploits a code execution flaw in Cisco Data Center Network Manager. The vulnerability exists in processImageSave.jsp, which can be abused through a directory traversal and a null byte injection to upload arbitrary files. The autodeploy JBoss application server feature is used to achieve remote code execution. This module has been tested successfully on Cisco Prime Data Center Network Manager 6.1(2) on Windows 2008 R2 (64 bits).
Module type : exploit Rank : excellent Platforms : Java
CVE-2014-2127  Cisco ASA SSL VPN Privilege Escalation Vulnerability
This module exploits a privilege escalation vulnerability for Cisco ASA SSL VPN (aka: WebVPN). It allows level 0 users to escalate to level 15.
Module type : auxiliary Rank : normal
CVE-2014-3300  Viproy CUCDM IP Phone XML Services - Call Forwarding Tool
The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) 10 does not properly implement access control, which allows remote attackers to modify user information. This module exploits the vulnerability to configure unauthorized call forwarding.
Module type : auxiliary Rank : normal
CVE-2014-3300  Viproy CUCDM IP Phone XML Services - Speed Dial Attack Tool
The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM), before version 10, doesn't implement access control properly, which allows remote attackers to modify user information. This module exploits the vulnerability to make unauthorized speeddial entity manipulations.
Module type : auxiliary Rank : normal
CVE-2014-7992  Cisco DLSw Information Disclosure Scanner
This module implements the DLSw information disclosure retrieval. There is a bug in Cisco's DLSw implementation affecting 12.x and 15.x trains that allows an unuthenticated remote attacker to retrieve the partial contents of packets traversing a Cisco router with DLSw configured and active.
Module type : auxiliary Rank : normal

Please note: Metasploit modules are only matched by CVE numbers. There may be other modules related to this product. Visit metasploit web site for more details
Total number of modules found = 15   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.