关联漏洞
标题:
Cisco IOS XE Software 安全漏洞
(CVE-2023-20198)
描述:Cisco IOS XE Software是美国思科(Cisco)公司的一个操作系统。用于企业有线和无线访问,汇聚,核心和WAN的单一操作系统,Cisco IOS XE降低了业务和网络的复杂性。 Cisco IOS XE Software 存在安全漏洞,该漏洞源于允许未经身份验证的远程攻击者在受影响的系统上创建具有特权的帐户。
描述
Cisco CVE-2023-20198
介绍
# Cisco_CVE-2023-20198
Cisco CVE-2023-20198
👉 Cisco warned of a critical authentication bypass zero-day vulnerability (CVE-2023-20198) in its IOS XE software that allows unauthenticated attackers to gain full administrative privileges.
👨💻 The vulnerability only affects devices with the Web User Interface (Web UI) feature enabled that also have the HTTP or HTTPS Server feature turned on.
👩💻 Cisco discovered attacks exploiting this vulnerability on September 28 and October 12, with attackers creating local administrator accounts and deploying a malicious implant.
🔍 As mitigation, Cisco recommends disabling the HTTP and HTTPS servers on affected devices to block attacks.
文件快照
[4.0K] /data/pocs/afb127c98101d504d689fcc7039c85f4c07cb6c4
├── [1.1K] payload
└── [ 829] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。