Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add exploit for Cisco UCS SSH default password #12244

Merged
merged 10 commits into from Aug 30, 2019

Conversation

@pedrib
Copy link
Contributor

commented Aug 28, 2019

    This module abuses a known default password on Cisco UCS Director. The 'scpuser'
    has the password of 'scpuser', and allows an attacker to login to the virtual appliance
    via SSH.
    This module  has been tested with Cisco UCS Director virtual machines 6.6.0 and 6.7.0.
    Note that Cisco also mentions in their advisory that their IMC Supervisor and
    UCS Director Express are also affected by these vulnerabilities, but this module
    was not tested with those products.
pedrib added 6 commits Jul 6, 2019
@pedrib

This comment has been minimized.

Copy link
Contributor Author

commented Aug 28, 2019

Demo VMs can be downloaded from https://www.cisco.com/c/en/us/support/servers-unified-computing/ucs-director-evaluation/model.html
I can also provide a pcap if needed

@pedrib

This comment has been minimized.

Copy link
Contributor Author

commented Aug 29, 2019

also made some adjustments to this one

@space-r7 space-r7 added docs and removed needs-docs labels Aug 30, 2019

pedrib added 2 commits Aug 30, 2019

@wvu-r7 wvu-r7 self-assigned this Aug 30, 2019

wvu-r7 added a commit that referenced this pull request Aug 30, 2019

@wvu-r7 wvu-r7 merged commit e36308e into rapid7:master Aug 30, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@wvu-r7
wvu-r7 approved these changes Aug 30, 2019
@wvu-r7

This comment has been minimized.

Copy link
Contributor

commented Aug 30, 2019

Release Notes

The Cisco UCS SSH Default Password module has been added to the framework. It abuses a known default password on Cisco UCS Director and allows an attacker to log in to the virtual appliance via SSH.

@pedrib pedrib deleted the pedrib:cisco_ucs_ssh branch Aug 30, 2019

jmartin-r7 added a commit that referenced this pull request Aug 30, 2019

@tdoan-r7 tdoan-r7 added the rn-modules label Sep 5, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.