Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-20198 PoC — Cisco IOS XE Software 安全漏洞

Source
https://github.com/IceBreakerCode/CVE-2023-20198
Associated Vulnerability
Title:Cisco IOS XE Software 安全漏洞 (CVE-2023-20198)
Description:Cisco IOS XE Software是美国思科(Cisco)公司的一个操作系统。用于企业有线和无线访问,汇聚,核心和WAN的单一操作系统,Cisco IOS XE降低了业务和网络的复杂性。 Cisco IOS XE Software 存在安全漏洞,该漏洞源于允许未经身份验证的远程攻击者在受影响的系统上创建具有特权的帐户。
Readme
# 🔍 **Cisco IOS XE Web UI Vulnerability Scanner - CVE-2023-20198** 🚨

---

🚫 **Critical Risk** | CVSS: 10.0 | 📅 Updated: Oct 17, 2023

---

## Overview:
A swift and powerful scanner for detecting critical vulnerabilities in the web UI of Cisco IOS XE Software. Protect your system from unauthorized level 15 access, putting control at risk!

## 🌟 Features:
- 📌 Spot potential implants for system-level commands.
- ⚡ Speedy multi-threaded scanning.
- 📁 Clean logs for effortless analysis.

## 📌 Context:
- **Affected**: Cisco IOS XE Software with web UI enabled.
- **Current Threat**: Active exploitations. Watch out for "cisco_tac_admin" and "cisco_support"!
- **Advice**: Turn off HTTP Server for internet-facing setups. Limit to trusted networks only.
- **Dangers**: Compromised devices risk traffic surveillance, network manipulation, and more.

🔗 [Official Cisco Advisory](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z)

---

## 🛠 How to Use:
1. Run the Python script.
2. Provide target subnet or IP (e.g., X.X.X.X/24).
3. Results in `scan_results.txt` & terminal.
4. Ensure all Python prerequisites & right permissions.

## ⚠️ Important:
Double-check devices with potential vulnerabilities. Consult an expert if unsure about findings.

---

## 📝 Legal Notice:
For educational & informational use only. Unauthorized scanning is illegal. Get consent before scanning. The developer & contributors aren't responsible for misuse. Act responsibly.

---

## 👥 Credits:
- 🖋️ Dev: [@IceBreakerCode](https://github.com/IceBreakerCode)
- 📌 CVE Info: Cisco's official advisory

🙌 **Join Us!** Your contributions to enhance this tool are welcome. We'll honor your efforts here!

🔒 **Safety First:** Scan only networks you're permitted to assess.

🔗 **Stay Informed:** [Official Cisco Advisory](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z) for updates & fixes.
File Snapshot

 [4.0K]  /data/pocs/7fb34171d0aacbc1a5275678b9dd29344bc1b356
├── [3.7K]  CVE-2023-20198.py
└── [2.0K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.