Cisco Systems IP Phone Configuration Page
SecWithMoh opened this issue · comments
Template Information:
This template designed to identify Cisco IP Phones with potentially exposed configuration pages. By leveraging a simple HTTP GET request, this template targets the Serviceability adapter's device statistics and configuration page. If the targeted page contains specific keywords, such as "Network Configuration" or "Services URL," the presence of these words indicates a successful match. This template operates with a medium severity level, suggesting that while the exposed information might not immediately lead to system compromise, it could provide valuable insights into the network setup or phone services, potentially aiding further attacks or reconnaissance activities.
-
Google dork For find this type of vuln:
inurl:"/CGI/Java/Serviceability?adapter="
Nuclei Template:
id: Cisco-ip-phone-config-page-check
info:
name: Cisco Systems IP Phone Configuration Page Check
author: SecWithMoh
description: This template designed to identify Cisco IP Phones with potentially exposed configuration pages. By leveraging a simple HTTP GET request, this template targets the Serviceability adapter's device statistics and configuration page. If the targeted page contains specific keywords, such as "Network Configuration" or "Services URL," the presence of these words indicates a successful match. This template operates with a medium severity level, suggesting that while the exposed information might not immediately lead to system compromise, it could provide valuable insights into the network setup or phone services, potentially aiding further attacks or reconnaissance activities.
severity: medium
http:
- method: GET
path:
- "{{BaseURL}}/CGI/Java/Serviceability?adapter=device.statistics.configuration"
- "{{BaseURL}}/CGI/Java/Serviceability?adapter=device.statistics.device"
- "{{BaseURL}}/CGI/Java/Serviceability?adapter=device.settings.status.messages"
- "{{BaseURL}}/CGI/Java/Serviceability?adapter=device.statistics.ethernet"
matchers:
- type: word
words:
- "Network Configuration"
- "Services URL"