CVE-2023-20198 PoC — Cisco IOS XE Software Security Vulnerability

Source
Associated Vulnerability
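Title: Cisco IOS XE Software Security Vulnerability (CVE-2023-20198)
Description: Cisco IOS XE Software is an operating system from the US company Cisco. A single operating system for enterprise wired and wireless access, aggregation, core and WAN, Cisco IOS XE reduces business and network complexity. Cisco IOS XE Software contains a security vulnerability that stems from allowing an unauthenticated remote attacker to create privileged accounts on an affected system.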
Description
Cisco CVE-2023-20198
Readme
# Cisco_CVE-2023-20198
Cisco CVE-2023-20198

👉  Cisco warned of a critical authentication bypass zero-day vulnerability (CVE-2023-20198) in its IOS XE software that allows unauthenticated attackers to gain full administrative privileges.  

👨‍💻 The vulnerability only affects devices with the Web User Interface (Web UI) feature enabled that also have the HTTP or HTTPS Server feature turned on.  

👩‍💻  Cisco discovered attacks exploiting this vulnerability on September 28 and October 12, with attackers creating local administrator accounts and deploying a malicious implant.

🔍 As mitigation, Cisco recommends disabling the HTTP and HTTPS servers on affected devices to block attacks. 
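
An offline audit of a saved running-config for the exposure condition and mitigation described above, added here as an example (it is not part of this repository or of Cisco's tooling). The sample config, the `audit_config` function and the `known_admins` allowlist are constructed for illustration; the `active-session-modules none` check reflects Cisco's advisory guidance and is not stated on this page.

```python
import re

# Constructed sample of an IOS XE running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netops privilege 15 secret 9 $9$constructed
username tmpadmin privilege 15 secret 9 $9$constructed
username readonly privilege 1 secret 9 $9$constructed
!
ip http server
ip http active-session-modules none
ip http secure-server
!
"""

def audit_config(text, known_admins):
    """Report Web UI exposure and unexpected privilege-15 local users."""
    lines = {ln.strip() for ln in text.splitlines()}
    # Exact-line match: "no ip http server" never equals "ip http server".
    http = "ip http server" in lines
    https = "ip http secure-server" in lines
    # Assumption from Cisco's advisory: with these lines present the
    # server runs without the Web UI session modules on that transport.
    http_exposed = http and "ip http active-session-modules none" not in lines
    https_exposed = https and "ip http secure-active-session-modules none" not in lines
    # Local accounts at privilege 15 that are not on the operator's allowlist.
    admins = set(re.findall(r"^username (\S+) privilege 15\b", text, re.M))
    return {
        "http_exposed": http_exposed,
        "https_exposed": https_exposed,
        "unexpected_admins": sorted(admins - set(known_admins)),
        # The recommended mitigation: disable whichever servers are enabled.
        "remediation": [cmd for on, cmd in ((http, "no ip http server"),
                                            (https, "no ip http secure-server")) if on],
    }

if __name__ == "__main__":
    print(audit_config(SAMPLE_CONFIG, known_admins={"netops"}))
```

An unexpected privilege-15 account is only a lead for review; compare it against change records before treating it as attacker-created.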

![Cisco](https://github.com/Vulnmachines/Cisco_CVE-2023-20198/assets/79006904/c26ebb48-d8ce-43a0-a970-91b82fb09bce)
File Snapshot

[4.0K] /data/pocs/afb127c98101d504d689fcc7039c85f4c07cb6c4
├── [1.1K] payload
└── [ 829] README.md

0 directories, 2 files