关联漏洞
标题:
Cisco IOS XE Software 安全漏洞
(CVE-2023-20198)
描述:Cisco IOS XE Software是美国思科(Cisco)公司的一个操作系统。用于企业有线和无线访问,汇聚,核心和WAN的单一操作系统,Cisco IOS XE降低了业务和网络的复杂性。 Cisco IOS XE Software 存在安全漏洞,该漏洞源于允许未经身份验证的远程攻击者在受影响的系统上创建具有特权的帐户。
描述
CVE-2023-20198 Checkscript
介绍
# CVE-2023-20198
CVE-2023-20198 Checkscript based on: https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/
Including the updated where there is an Authorization header to check for the known implant.
!! Upgraded to look for upgraded implant
The script checks length of returned response with code 200, and checks if length is shorter then 32 characters. Each IP returning shorter length than 32 chars should be checked to se if device is compromised. This script *only* gives you an indicator, not proof that the device is compromised.
The script also checks if the implant has been upgraded, as dicovered by Fox-IT: https://github.com/fox-it/cisco-ios-xe-implant-detection
Run:
```
python cve-2023-20198.py
and enter you desired subnet to scan. For example:
python CVE-2023-20198
Enter the subnet (CIDR notation): 10.0.0.0/22
IP: 10.0.0.94 - Error: no reply
IP: 10.0.0.94 - Error: no reply
IP: 10.0.0.96 - Status: 200
IP: 10.0.0.96 - Response is a potentially suspicious:
IPs with status code 200, suspicious length, should be checked:
['10.0.0.96']
IPs with status code 200, but no IOC:
[]
```
文件快照
[4.0K] /data/pocs/2b707b227db67ae4316059076e107d2ea9c32f57
├── [3.1K] CVE-2023-20198.py
└── [1.1K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。