Associated Vulnerability
Title:多款Cisco产品Adaptive Security Appliance Software 安全漏洞 (CVE-2018-0101)Description:A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, or cause a reload of the affected device. This vulnerability affects Cisco ASA Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, ASA 1000V Cloud Firewall, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4110 Security Appliance, Firepower 9300 ASA Security Module, Firepower Threat Defense Software (FTD). Cisco Bug IDs: CSCvg35618.
Description
A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability.
Readme
# Cisco ASA honeypot
Cymmetria Research, 2018.
https://www.cymmetria.com/
Contact: research@cymmetria.com
A low interaction honeypot for the Cisco ASA component capable of detecting CVE-2018-0101, a DoS and remote code execution vulnerability
It is released under the MIT license for the use of the community.
# Usage
```
Usage: asa_server.py [OPTIONS]
A low interaction honeypot for the Cisco ASA component capable of
detecting CVE-2018-0101, a DoS and remote code execution vulnerability
Options:
-h, --host TEXT Host to listen
-p, --port INTEGER Port to listen
-i, --ike-port INTEGER Port to listen for IKE
-s, --enable_ssl Enable SSL
-c, --cert TEXT Certificate File Path (will generate self signed
cert if not supplied)
-v, --verbose Verbose logging
--help Show this message and exit.
Optional settings for hpfeeds logging:
--hpfserver TEXT hpfeeds Server
--hpfport INTEGER hpfeeds Port
--hpfident TEXT hpfeeds Ident
--hpfsecret TEXT hpfeeds Secret
--hofchannel TEXT hpfeeds Channel
--serverid TEXT hpfeeds Serverid
```
The hpfeeds logging options can also be set by using the following os environment variables: HPFEEDS_SERVER, HPFEEDS_PORT, HPFEEDS_IDENT, HPFEEDS_SECRET, HPFEEDS_CHANNEL, SERVERID
See also
--------
https://cymmetria.com/blog/honeypot-cisco-asa-vulnerability/
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0101
Please consider trying out the MazeRunner Community Edition, the free version of our cyber deception platform.
https://community.cymmetria.com/
File Snapshot
[4.0K] /data/pocs/15f7d275f5849a79fd7bcf333cef9a23cca0a056
├── [4.0K] asa
│ ├── [ 15] blank.html
│ ├── [ 627] index.html
│ ├── [3.7K] login-header-end.jpg
│ ├── [6.2K] login-header-icon.jpg
│ ├── [3.7K] login-header-middle.jpg
│ ├── [ 695] logon_custom.css
│ ├── [6.2K] logon_failure
│ ├── [7.6K] logon.html
│ ├── [ 142] logon_redir.html
│ ├── [ 12K] portal.css
│ ├── [ 24K] win.js
│ └── [ 70] wrong_url.html
├── [ 12K] asa_server.py
├── [ 108] docker-compose.yml
├── [ 367] Dockerfile
├── [1.8K] gencert.py
├── [2.7K] ike_server.py
├── [1.0K] LICENSE
├── [1.6K] README.md
└── [ 61] requirements.txt
1 directory, 20 files
Remarks
1. It is advised to access via the original source first.
2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →