0 votes
by (139 points)
Found a Cisco ASA which is vulnerable to unauthenticated remote code execution, A remote attacker can exploit this issue, via specially crafted UDP packets, to cause a buffer overflow condition, resulting in a denial of service or the execution of arbitrary code. (CVE-2016-1287).

How can I exploit this vulnerability?

1 Answer

0 votes
by (172 points)

You can use this script https://github.com/NetSPI/asa_tools to verify the presence of Cisco ASA RCE (CVE-2016-1287).

it requires python3 and the python hexdump module to be installed

sudo pip3 install hexdump

Download the script and run script.

python3 cisco_asa.py vulnerable-server:500

You will get a result like this and see the Notification data is missing and ASA is vulnerable.

This tool is used to verify the presence of CVE-2016-1287, an unauthenticated remote code execution vulnerability affecting Cisco's ASA products.
No attempt will be made to execute code, this simply observes behavior of affected versions when malformed fragments are sent to the ASA.
Continue? [y/N] 
[*] Sending Initiator Request
[*] Received Response
[+] Valid SA found. Moving on
[*] Sending first fragment
[*] Sending second fragment
[*] Notify Payload found. Printing Notify payload data.
    Next payload: NONE
    Critical bit Not Critical
    Payload length: 8
    Protocol ID: IKE
    SPI Size: 0
    Notify Message Type: Invalid Syntax
    Notification DATA: missing
[+] Notification data is missing.  ASA is vulnerable.
00000000: 66 53 54 71 45 49 58 64  D1 44 DA 79 2B 39 57 8E  fSTqEIXd.D.y+9W.
00000010: 29 20 22 20 00 00 00 00  00 00 00 24 00 00 00 08  ) " .......$....
00000020: 01 00 00 07
Welcome to Codeshikari Q&A, where you can ask any vulnerability related questions and receive answers from the experts of the community. Screenshot-from-2019-03-15-23-08-47