Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add more checks to cisco_directory_traversal module #11500

Merged
merged 2 commits into from Mar 1, 2019

Conversation

Projects
None yet
3 participants
@space-r7
Copy link
Contributor

space-r7 commented Feb 28, 2019

Referencing issue #11162, this adds more checks to auxiliary/scanner/http/cisco_directory_traversal.rb to ensure more vulnerable devices are covered.

Originally, this module only checked the VPN software login page for SSL VPN Service, which ultimately restricted the number of vulnerable devices exploited.

space-r7 added some commits Feb 28, 2019

@bcoles

bcoles approved these changes Mar 1, 2019

@bcoles bcoles self-assigned this Mar 1, 2019

@bcoles bcoles merged commit ca39542 into rapid7:master Mar 1, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

bcoles added a commit that referenced this pull request Mar 1, 2019

@bcoles bcoles added the rn-fix label Mar 1, 2019

msjenkins-r7 added a commit that referenced this pull request Mar 1, 2019

@bcoles

This comment has been minimized.

Copy link
Contributor

bcoles commented Mar 1, 2019

Release Notes

This updates the scanner/http/cisco_directory_traversal auxiliary module with a more permissive software detection regex to ensure targets aren't falsely reported as inaccessible.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.