关联漏洞
标题:
Cisco IOS XE Software 安全漏洞
(CVE-2023-20198)
描述:Cisco IOS XE Software是美国思科(Cisco)公司的一个操作系统。用于企业有线和无线访问,汇聚,核心和WAN的单一操作系统,Cisco IOS XE降低了业务和网络的复杂性。 Cisco IOS XE Software 存在安全漏洞,该漏洞源于允许未经身份验证的远程攻击者在受影响的系统上创建具有特权的帐户。
描述
This script can identify if Cisco IOS XE devices are vulnerable to CVE-2023-20198
介绍
# CVE_2023_20198_Detector
This script can identify if Cisco IOS XE devices are vulnerable to CVE-2023-20198. The script takes as input a csv file with all the device IP addresses that you want to check. By default the script looks for a file named "devices.csv"; you can name the file something different but then you must pass the "--devices" argument to the script followed by the file name.
The script generates a csv report in the current directory it's being executed from, containing the results for any given device. If you see anything other than "NO" in the vulnerabilites found column then that means the device is vulnerable.
The script is threaded and will analyze 10 devices in parallel at a time; DO NOT increase the threads unless you are certain of what you are doing. The script is READ ONLY and will not make any configuration changes to any devices it ssh's into. Use at your own risk.
## Usage/Examples
```bash
python3 CVE_2023_20198_detector.py --devices ios_xe_devices.csv
python3 CVE_2023_20198_detector.py
```
文件快照
[4.0K] /data/pocs/062f63afd2573b8b4c2bff4cad56f2628ef8bb42
├── [4.5K] CVE_2023_20198_detector.py
├── [ 35] example_devices.csv
├── [1.0K] LICENSE
├── [1.0K] README.md
└── [ 212] requirements.txt
0 directories, 5 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。