关联漏洞
描述
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software.
介绍
## 🗒️ How to use ##
- ## cve‑20124 (RCE): ##
> python3 Exploit.py --url https://ise.example.com
--Session your_ISE_Session_Token --DESER-CMD "Touch /TMP /PWWNED"
- ## cve‑20125 (authorized bypass): ##
>python3 Exploit.py --url https://ise.example.com
--Session your_ISE_Session_Token --Bbypass
- ⚠️ Important note
Both drive require an ISE administrator to log in (the administrator only read is enough)
- This is only an example; In the actual you need:
> The Java utility chain is true to sequentially self -transparent CVE‑201224.
> Final score authentication (using assumption/API/V1/Admin/*).
🔍 Reference source
Cisco ADVISORY CVE‑20124 & Cve‑20125 - Receive RCE level & ignore the required authentication.
文件快照
[4.0K] /data/pocs/66bc5c0ff8e8e90286351aff80c19e1501a8eda6
├── [2.9K] Exploit.py
└── [ 748] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。