Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/112327551753039435">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 25-Apr-2024 03:14:28 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20250225114715.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a><div><a href="https://cyberplace.social/@GossiTheDog/112248930042389555" rel="in-reply-to">in reply to</a></div></section><article><p>In light of recent events, probably best to make this ASA vuln public in public interest: <a href="https://github.com/GossiTheDog/Exploits/blob/main/Cisco-CVE-2020-3259.sh" rel="nofollow noreferrer">https://github.com/GossiTheDog/Exploits/blob/main/Cisco-CVE-2020-3259.sh</a></p><p>If you get &lt;argument&gt; back with toke inside, not vuln.  If you get a memory dump back, you vuln.</p><p>The path exists even with webvpn disabled, it's the host checker.</p><p>Credits to person who found it, don't know if they want to be named.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2657839#notice-5934374">In conversation</a><time datetime="2024-04-25T03:14:28+09:00" title="Thursday, 25-Apr-2024 03:14:28 JST">about 11 months ago</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/112327551753039435" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/112327551753039435">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/2542084">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 25-Apr-2024 03:14:28 JST Kevin Beaumont
in reply to
In light of recent events, probably best to make this ASA vuln public in public interest: https://github.com/GossiTheDog/Exploits/blob/main/Cisco-CVE-2020-3259.sh
If you get <argument> back with toke inside, not vuln. If you get a memory dump back, you vuln.
The path exists even with webvpn disabled, it's the host checker.
Credits to person who found it, don't know if they want to be named.
In conversationabout 11 months ago from cyberplace.socialpermalink
Attachments
1. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice