Network infrastructure

From pentestwiki.org

Attacks on Network equipment: Routers, Switches, VPN

Mikrotik


Juniper

Cisco

VPN Servers

Pulse Secure SSL VPN 8.1R15.1 / 8.2 / 8.3 / 9.0 Arbitrary File Disclosure (CVSS 10.0)

Metasploit exploit: https://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html

Citrix NetScaler

CVE-2019-19781

On Dec. 17, 2019, a directory traversal vulnerability was announced in the Citrix Application Discovery Controller and Citrix Gateway, which would allow a remote, unauthenticated user to write a file to a location on disk. Affected products include:

  • Citrix ADC and Citrix Gateway version 13.0 all supported builds
  • Citrix ADC and NetScaler Gateway version 12.1 all supported builds
  • Citrix ADC and NetScaler Gateway version 12.0 all supported builds
  • Citrix ADC and NetScaler Gateway version 11.1 all supported builds
  • Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds


Home routers

  • Scan for CVE-2015-3036 (NetUSB Kcodes)
    $ nmap -p 20005 --open 192.168.1.*

  • Scan for CWMP Modem RCE / XXE
    $ nmap -p 7457 --open 192.168.1.*

  • Scan for faximum
    $ nmap -p 7437 --open 192.168.1.*

  • Scan for UPnP
    $ nmap -p 37215 -sV --open 192.168.1.*