CVE-2023-20198 PoC — Cisco IOS XE Software 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-20198.yaml

Associated Vulnerability

Title:Cisco IOS XE Software 安全漏洞 (CVE-2023-20198)
Description:Cisco IOS XE Software是美国思科（Cisco）公司的一个操作系统。用于企业有线和无线访问，汇聚，核心和WAN的单一操作系统，Cisco IOS XE降低了业务和网络的复杂性。 Cisco IOS XE Software 存在安全漏洞，该漏洞源于允许未经身份验证的远程攻击者在受影响的系统上创建具有特权的帐户。

Description

Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.
For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory.
Cisco will provide updates on the status of this investigation and when a software patch is available.

File Snapshot


 id: CVE-2023-20198

info:
  name: Cisco IOS XE - Authentication Bypass
  author: iamnoooob,rootxhars

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!