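Related vulnerability
Title: Adaptive Security Appliance Software security vulnerability in multiple Cisco products (CVE-2018-0101)
Description: Cisco 3000 Series Industrial Security Appliances (ISR) and others are security firewall devices from the US company Cisco. Adaptive Security Appliance (ASA) Software is the firewall software that runs on them. The Secure Sockets Layer (SSL) VPN feature of ASA Software in multiple Cisco products contains a security vulnerability. A remote attacker can exploit it by sending crafted XML packets to an interface configured with webvpn, causing a denial of service (reload) or code execution. The following prod…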
Description
A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.
Introduction
# Cisco ASA honeypot
Cymmetria Research, 2018.
https://www.cymmetria.com/
Contact: research@cymmetria.com
A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.
It is released under the MIT license for the use of the community.
# Usage
```
Usage: asa_server.py [OPTIONS]

  A low interaction honeypot for the Cisco ASA component capable of
  detecting CVE-2018-0101, a DoS and remote code execution vulnerability

Options:
  -h, --host TEXT         Host to listen
  -p, --port INTEGER      Port to listen
  -i, --ike-port INTEGER  Port to listen for IKE
  -s, --enable_ssl        Enable SSL
  -c, --cert TEXT         Certificate File Path (will generate self signed
                          cert if not supplied)
  -v, --verbose           Verbose logging
  --help                  Show this message and exit.

Optional settings for hpfeeds logging:
  --hpfserver TEXT        hpfeeds Server
  --hpfport INTEGER       hpfeeds Port
  --hpfident TEXT         hpfeeds Ident
  --hpfsecret TEXT        hpfeeds Secret
  --hofchannel TEXT       hpfeeds Channel
  --serverid TEXT         hpfeeds Serverid
```
The hpfeeds logging options can also be set using the following OS environment variables: HPFEEDS_SERVER, HPFEEDS_PORT, HPFEEDS_IDENT, HPFEEDS_SECRET, HPFEEDS_CHANNEL, SERVERID.
See also
--------
https://cymmetria.com/blog/honeypot-cisco-asa-vulnerability/
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0101
Please consider trying out the MazeRunner Community Edition, the free version of our cyber deception platform.
https://community.cymmetria.com/
File snapshot
[4.0K] /data/pocs/15f7d275f5849a79fd7bcf333cef9a23cca0a056
├── [4.0K] asa
│ ├── [ 15] blank.html
│ ├── [ 627] index.html
│ ├── [3.7K] login-header-end.jpg
│ ├── [6.2K] login-header-icon.jpg
│ ├── [3.7K] login-header-middle.jpg
│ ├── [ 695] logon_custom.css
│ ├── [6.2K] logon_failure
│ ├── [7.6K] logon.html
│ ├── [ 142] logon_redir.html
│ ├── [ 12K] portal.css
│ ├── [ 24K] win.js
│ └── [ 70] wrong_url.html
├── [ 12K] asa_server.py
├── [ 108] docker-compose.yml
├── [ 367] Dockerfile
├── [1.8K] gencert.py
├── [2.7K] ike_server.py
├── [1.0K] LICENSE
├── [1.6K] README.md
└── [ 61] requirements.txt
1 directory, 20 files