Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add more checks to cisco_directory_traversal module #11500

merged 2 commits into from Mar 1, 2019


None yet
3 participants
Copy link

space-r7 commented Feb 28, 2019

Referencing issue #11162, this adds more checks to auxiliary/scanner/http/cisco_directory_traversal.rb to ensure more vulnerable devices are covered.

Originally, this module only checked the VPN software login page for SSL VPN Service, which ultimately restricted the number of vulnerable devices exploited.

space-r7 added some commits Feb 28, 2019


bcoles approved these changes Mar 1, 2019

@bcoles bcoles self-assigned this Mar 1, 2019

@bcoles bcoles merged commit ca39542 into rapid7:master Mar 1, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Metasploit Automation - Test Execution Successfully completed all tests.
continuous-integration/travis-ci/pr The Travis CI build passed

bcoles added a commit that referenced this pull request Mar 1, 2019

@bcoles bcoles added the rn-fix label Mar 1, 2019

msjenkins-r7 added a commit that referenced this pull request Mar 1, 2019


This comment has been minimized.

Copy link

bcoles commented Mar 1, 2019

Release Notes

This updates the scanner/http/cisco_directory_traversal auxiliary module with a more permissive software detection regex to ensure targets aren't falsely reported as inaccessible.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.