I. Basic Information for CVE-2023-20198
Vulnerability Information
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
Unprotected Alternate Channel
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco IOS XE Software Security Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
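Cisco IOS XE Software is an operating system from Cisco, a US company. It is a single operating system for enterprise wired and wireless access, aggregation, core and WAN; Cisco IOS XE reduces business and network complexity. Cisco IOS XE Software contains a security vulnerability that allows an unauthenticated remote attacker to create a privileged account on an affected system.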
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| Cisco | Cisco IOS XE Software | 16.1.1 - | |
II. Public POCs for CVE-2023-20198
| # | POC Description | Source Link |
|---|---|---|
| 1 | None | https://github.com/raystr-atearedteam/CVE-2023-20198-checker |
| 2 | CVE-2023-20198 Checkscript | https://github.com/Atea-Redteam/CVE-2023-20198 |
| 3 | cisco-CVE-2023-20198-tester | https://github.com/securityphoenix/cisco-CVE-2023-20198-tester |
| 4 | None | https://github.com/emomeni/Simple-Ansible-for-CVE-2023-20198 |
| 5 | CVE-2023-20198 & 0Day Implant Scanner | https://github.com/ZephrFish/CVE-2023-20198-Checker |
| 6 | Checker for CVE-2023-20198 , Not a full POC Just checks the implementation and detects if hex is in response or not | https://github.com/JoyGhoshs/CVE-2023-20198 |
| 7 | CVE-2023-20198 PoC (!) | https://github.com/Tounsi007/CVE-2023-20198 |
| 8 | This script can identify if Cisco IOS XE devices are vulnerable to CVE-2023-20198 | https://github.com/alekos3/CVE_2023_20198_Detector |
| 9 | Ansible Playbook for CVE-2023-20198 | https://github.com/ditekshen/ansible-cve-2023-20198 |
| 10 | None | https://github.com/reket99/Cisco_CVE-2023-20198 |
| 11 | 1vere$k POC on the CVE-2023-20198 | https://github.com/iveresk/cve-2023-20198 |
| 12 | CISCO CVE POC SCRIPT | https://github.com/sohaibeb/CVE-2023-20198 |
| 13 | Cisco IOS XE implant scanning & detection (CVE-2023-20198, CVE-2023-20273) | https://github.com/fox-it/cisco-ios-xe-implant-detection |
| 14 | A PoC for CVE 2023-20198 | https://github.com/Pushkarup/CVE-2023-20198 |
| 15 | This is a webshell fingerprinting scanner designed to identify implants on Cisco IOS XE WebUI's affected by CVE-2023-20198 and CVE-2023-20273 | https://github.com/Shadow0ps/CVE-2023-20198-Scanner |
| 16 | Check a target IP for CVE-2023-20198 | https://github.com/kacem-expereo/CVE-2023-20198 |
| 17 | None | https://github.com/mr-r3b00t/CVE-2023-20198-IOS-XE-Scanner |
| 18 | None | https://github.com/ohlawd/CVE-2023-20198 |
| 19 | None | https://github.com/IceBreakerCode/CVE-2023-20198 |
| 20 | An Exploitation script developed to exploit the CVE-2023-20198 Cisco zero day vulnerability on their IOS routers | https://github.com/sanjai-AK47/CVE-2023-20198 |
| 21 | CVE-2023-20198 Exploit PoC | https://github.com/smokeintheshell/CVE-2023-20198 |
| 22 | Check for and remediate conditions that make an IOS-XE device vulnerable to CVE-2023-20198 | https://github.com/netbell/CVE-2023-20198-Fix |
| 23 | Cisco CVE-2023-20198 | https://github.com/Vulnmachines/Cisco_CVE-2023-20198 |
| 24 | An Exploitation script developed to exploit the CVE-2023-20198 Cisco zero day vulnerability on their IOS routers | https://github.com/RevoltSecurities/CVE-2023-20198 |
| 25 | CVE-2023-20198-RCE, support adding/deleting users and executing cli commands/system commands. | https://github.com/W01fh4cker/CVE-2023-20198-RCE |
| 26 | None | https://github.com/sanan2004/CVE-2023-20198 |
| 27 | 🚨 Just completed a detailed investigation for Event ID 193: "SOC231 - Cisco IOS XE Web UI ZeroDay (CVE-2023-20198)" via @LetsDefend.io. The attacker successfully bypassed authentication, gaining admin control over the device! Immediate containment was critical. Stay vigilant! 💻🔐 | https://github.com/AhmedMansour93/Event-ID-193-Rule-Name-SOC231-Cisco-IOS-XE-Web-UI-ZeroDay-CVE-2023-20198- |
| 28 | CVE-2023-20198 is a critical vulnerability in the Web UI feature of Cisco IOS XE Software that allows an unauthenticated remote attacker to create an account with privilege level 15 on an affected system, thereby taking full control of the device. | https://github.com/XiaomingX/CVE-2023-20198-poc |
| 29 | CVE-2023-20198 is a critical vulnerability in the Web UI feature of Cisco IOS XE Software that allows an unauthenticated remote attacker to create an account with privilege level 15 on an affected system, thereby taking full control of the device. | https://github.com/XiaomingX/cve-2023-20198-poc |
| 30 | A go-exploit to scan for implanted Cisco IOS XE Systems cve-2023-20198, go-exploit | https://github.com/unsightlyabol/cisco-ios-xe-implant-scanner |
| 31 | Exploit PoC for CVE-2023-20198 | https://github.com/G4sul1n/Cisco-IOS-XE-CVE-2023-20198 |
| 32 | Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system. For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory. Cisco will provide updates on the status of this investigation and when a software patch is available. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-20198.yaml |
| 33 | None | https://github.com/Arshit01/CVE-2023-20198 |
| 34 | A cybersecurity case study analysing CVE-2023-20198 in Cisco IOS XE, covering vulnerability exploitation, mitigation strategies, secure software development frameworks, and patch management policies, with practical insights from a controlled lab environment | https://github.com/Religan/CVE-2023-20198 |
| 35 | CVE-2023-20198 is a critical vulnerability in the Web UI feature of Cisco IOS XE Software that allows an unauthenticated remote attacker to create an account with privilege level 15 on an affected system, thereby taking full control of the device. | https://github.com/djayaGit/cve-2023-20198-poc-cisco |