module

Cisco DCNM auth bypass

Disclosed	Created
2020-06-01	2021-06-24

Disclosed

2020-06-01

Created

2021-06-24

Description

This exploit is able to add an admin account to a Cisco DCNM with credentials you can choose.
After that, you can login to the web interface with those credentials.
The only necessary condition is the more or less recent connection of an admin as this exploit
uses a kind of session stealing.

Authors

MR_ME
Yann Castel (yann.castel Yann Castel (yann.castel@orange.com)

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


    msf > use auxiliary/admin/networking/cisco_dcnm_auth_bypass
    msf auxiliary(cisco_dcnm_auth_bypass) > show actions
        ...actions...
    msf auxiliary(cisco_dcnm_auth_bypass) > set ACTION < action-name >
    msf auxiliary(cisco_dcnm_auth_bypass) > show options
        ...show and set options...
    msf auxiliary(cisco_dcnm_auth_bypass) > run

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today