关联漏洞
标题:
Cisco IOS XE Software 安全漏洞
(CVE-2023-20198)
描述:Cisco IOS XE Software是美国思科(Cisco)公司的一个操作系统。用于企业有线和无线访问,汇聚,核心和WAN的单一操作系统,Cisco IOS XE降低了业务和网络的复杂性。 Cisco IOS XE Software 存在安全漏洞,该漏洞源于允许未经身份验证的远程攻击者在受影响的系统上创建具有特权的帐户。
介绍
# 🔍 **Cisco IOS XE Web UI Vulnerability Scanner - CVE-2023-20198** 🚨
---
🚫 **Critical Risk** | CVSS: 10.0 | 📅 Updated: Oct 17, 2023
---
## Overview:
A swift and powerful scanner for detecting critical vulnerabilities in the web UI of Cisco IOS XE Software. Protect your system from unauthorized level 15 access, putting control at risk!
## 🌟 Features:
- 📌 Spot potential implants for system-level commands.
- ⚡ Speedy multi-threaded scanning.
- 📁 Clean logs for effortless analysis.
## 📌 Context:
- **Affected**: Cisco IOS XE Software with web UI enabled.
- **Current Threat**: Active exploitations. Watch out for "cisco_tac_admin" and "cisco_support"!
- **Advice**: Turn off HTTP Server for internet-facing setups. Limit to trusted networks only.
- **Dangers**: Compromised devices risk traffic surveillance, network manipulation, and more.
🔗 [Official Cisco Advisory](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z)
---
## 🛠 How to Use:
1. Run the Python script.
2. Provide target subnet or IP (e.g., X.X.X.X/24).
3. Results in `scan_results.txt` & terminal.
4. Ensure all Python prerequisites & right permissions.
## ⚠️ Important:
Double-check devices with potential vulnerabilities. Consult an expert if unsure about findings.
---
## 📝 Legal Notice:
For educational & informational use only. Unauthorized scanning is illegal. Get consent before scanning. The developer & contributors aren't responsible for misuse. Act responsibly.
---
## 👥 Credits:
- 🖋️ Dev: [@IceBreakerCode](https://github.com/IceBreakerCode)
- 📌 CVE Info: Cisco's official advisory
🙌 **Join Us!** Your contributions to enhance this tool are welcome. We'll honor your efforts here!
🔒 **Safety First:** Scan only networks you're permitted to assess.
🔗 **Stay Informed:** [Official Cisco Advisory](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z) for updates & fixes.
文件快照
[4.0K] /data/pocs/7fb34171d0aacbc1a5275678b9dd29344bc1b356
├── [3.7K] CVE-2023-20198.py
└── [2.0K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。