scan.py
#!/usr/bin/env python3
import sys
import urllib3
import requests
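def main():
    """Probe one target for the CVE-2025-6980 info-disclosure indicator.

    Reads the target base URL from ``sys.argv[1]``, sends a single GET to
    ``/capture/handler.py/load_rpc_manager`` and prints a verdict derived
    from the response status code and a marker string in the body.

    Results are written to stdout only. Apart from the usage path, which
    calls ``sys.exit(0)``, the function returns ``None`` on every outcome
    (vulnerable, not affected, unidentified, request failed), so the
    process exit status does not distinguish them; automation wrapping
    this script has to parse the printed line.
    """
    # Usage
    if len(sys.argv) < 2 or sys.argv[1] in ["-h", "--help"]:
        print(
            """Arista NGFW CVE-2025-6980 scanner by Bishop Fox
- Tests a target for info disclosure CVE-2025-6980
- Does not perform any administrative actions on the target
Usage: python3 scan.py http[s]://[TARGET]
"""
        )
        sys.exit(0)

    # Test
    target = sys.argv[1]
    print(f"[*] Testing {target}")

    # A base URL given with a trailing slash would otherwise produce
    # "//capture/..." and can be answered differently by the server,
    # turning a real finding into the "does not appear to be" verdict.
    base_url = target.rstrip("/")

    try:
        # Certificate validation is switched off below (verify=False), so
        # the peer is not authenticated: the verdict is only as trustworthy
        # as the network path to the target. The matching
        # InsecureRequestWarning is silenced for the whole process.
        urllib3.disable_warnings(category=urllib3.exceptions.InsecureRequestWarning)

        # NOTE(review): requests follows redirects by default, so the
        # status and body inspected below belong to the final response,
        # which may come from a different host than the one supplied.
        resp = requests.get(
            url=f"{base_url}/capture/handler.py/load_rpc_manager",
            headers={
                "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36"
            },
            verify=False,
            timeout=15,
        )

        # Result
        # The verdict is a heuristic on status code plus a body marker.
        # The final branch is inconclusive rather than a clean bill of
        # health: anything that alters the response (reverse proxy, WAF,
        # custom error page) lands there as well.
        if resp.status_code == 500 and "Mod_python error" in resp.text:
            print("[!] Target is VULNERABLE - update immediately!")
        elif resp.status_code == 404 and '<body class="loginPage">' in resp.text:
            print("[+] Target is not affected")
        else:
            print("[-] Target does not appear to be Arista NGFW")

    # Error
    # Deliberately broad: this is the CLI's top-level boundary, and a bad
    # URL, a timeout or a TLS failure should all end in one readable line
    # instead of a traceback.
    except Exception as err:
        print(f"[-] Request failed: {err}")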
# Run the scan only when executed as a script, so importing this module
# never sends a request.
if __name__ == "__main__":
    main()