Associated Vulnerability
Title:Cisco IOS XE Software 安全漏洞 (CVE-2023-20198)Description:Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.
Description
An Exploitation script developed to exploit the CVE-2023-20198 Cisco zero day vulnerability on their IOS routers
Readme
# CVE-2023-20198
An Exploitation script developed to exploit the CVE-2023-20198 Cisco zero day vulnerability on their IOS XE
Hackers have been widely exploiting the this vulnerability which creates a 15 level privilege user by bypassing the authentication
Which a malicous xml content make this exploitation the webui endpoint of cisco.This is not only for Exploitation also detects
vulneable implant for exploitations and The tool can also use for mass detectiona and exploitation!.
# Installation
```bash
git clone https://github.com/sanjai-AK47/CVE-2023-20198.git
cd CVE-2023-20198
pip install -r requirements.txt
```
# Usages:
## Modes:
```bash
python3 exploit.py --help
usage: exploit.py [-h] {Detect,Exploit} ...
[DESCTIPTION]: Exploitation and Detection tool for Cisco CVE-2023-20198
options:
-h, --help show this help message and exit
[MODE]: Exploitation | Detections Modes:
{Detect,Exploit} [INFO]: Select either Exploit or Detect mode
Detect [INFO]: Detection mode detect the vulnerable implant to exploit
Exploit [INFO]: Exploitation mode exploit the vulnerable implant of CVE-2023-20198
```
## Detection:
```bash
python3 exploit.py Detect -h
usage: exploit.py Detect [-h] [-d DOMAIN] [-dL DOMAINS_LIST] [-px PROXY] [-to TIME_OUT] [-o OUTPUT] [-v]
options:
-h, --help show this help message and exit
-d DOMAIN, --domain DOMAIN
[INFO]: Target domain for exploiting without protocol eg:(www.domain.com)
-dL DOMAINS_LIST, --domains-list DOMAINS_LIST
[INFO]: Targets domain for exploiting without protocol eg:(www.domain.com)
-px PROXY, --proxy PROXY
[INFO]: Switiching proxy will send request to your configured proxy (eg: BURPSUITE)
-to TIME_OUT, --time-out TIME_OUT
[INFO]: Switiching timeout will requests till for your timeout and also for BURPSUITE
-o OUTPUT, --output OUTPUT
[INFO]: File name to save output
-v, --verbose [INFO]: Switching verbose will shows failed and offline targets
```
## Exploitation
```bash
python3 exploit.py Exploit -h
usage: exploit.py Exploit [-h] [-cfc CONFIG_CONTENT] [-d DOMAIN] [-dL DOMAINS_LIST] [-px PROXY] [-to TIME_OUT] [-o OUTPUT] [-v]
options:
-h, --help show this help message and exit
-cfc CONFIG_CONTENT, --config-content CONFIG_CONTENT
[INFO]: Customized config contents for exploitation
-d DOMAIN, --domain DOMAIN
[INFO]: Target domain for exploiting without protocol eg:(www.domain.com)
-dL DOMAINS_LIST, --domains-list DOMAINS_LIST
[INFO]: Targets domain for exploiting without protocol eg:(www.domain.com)
-px PROXY, --proxy PROXY
[INFO]: Switiching proxy will send request to your configured proxy (eg: BURPSUITE)
-to TIME_OUT, --time-out TIME_OUT
[INFO]: Switiching timeout will requests till for your timeout and also for BURPSUITE
-o OUTPUT, --output OUTPUT
[INFO]: File name to save output
-v, --verbose [INFO]: Switching verbose will shows failed and offline targets
```
# Information:
Since the exploitation and detection tool is developed by theoritical poc by [Horizona3](https://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-deep-dive-and-poc/)https://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-deep-dive-and-poc/Imp which is help me to develop this
tool for this CVE and for detection it can detect the vulnerable cisco implant but for proper exploitation users needs to pass the malicous XML content that is is theoritical poc of horizona3 need
to be given by users for exploitations because of only theoritical explaination have to do this but soon after proper information and resources will upgrade this exploitation and detection Tool
# Warning:
Important thing if any unethical exploitation the I'm not responsible for any illegal actions so plese use this for ethical and legal
purposes
Proof of conept Developed by [D.Sanjai Kumar](https://www.linkedin.com/in/d-sanjai-kumar-109a7227b/) with ♥️ for any upgrade and miscoded contact me throguh my [LinkedIn](https://www.linkedin.com/in/d-sanjai-kumar-109a7227b/).
Thank you!
File Snapshot
[4.0K] /data/pocs/2c1e7f0757c721e2ebb301f0657d8e311db9f47d
├── [ 19K] exploit.py
├── [1.0K] LICENSE
├── [4.4K] README.md
└── [ 50] requirements.txt
0 directories, 4 files
Remarks
1. It is advised to access via the original source first.
2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →