Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-20048 PoC — Cisco Firepower Management Center 安全漏洞

Source
https://github.com/0zer0d4y/FuegoTest
Associated Vulnerability
Title:Cisco Firepower Management Center 安全漏洞 (CVE-2023-20048)
Description:A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. This vulnerability is due to insufficient authorization of configuration commands that are sent through the web service interface. An attacker could exploit this vulnerability by authenticating to the FMC web services interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute certain configuration commands on the targeted FTD device. To successfully exploit this vulnerability, an attacker would need valid credentials on the FMC Software.
Description
A CLI tool for detecting CVE-2023-20048 vulnerability in Cisco Firepower Management Center.
Readme

# FuegoTest

FuegoTest is a Command Line Interface (CLI) tool designed to detect devices potentially vulnerable to CVE-2023-20048 in Cisco Firepower Management Center (FMC). Utilizing the rich library, FuegoTest provides an enhanced user experience with progress bars and styled text for terminal output.

## Features

- Authenticate with Cisco FMC using provided credentials.
- Fetch and list devices managed by the FMC.
- Detect devices potentially vulnerable to CVE-2023-20048.
- Enhanced terminal output with progress bars and styled text.

## Prerequisites

Before you begin, ensure you have met the following requirements:

- Python 3.6 or higher
- pip for installing dependencies

## Installation

To install FuegoTest, follow these steps:

1. Clone the repository:
   ```bash
   git clone https://github.com/yourusername/FuegoTest.git
   ```
2. Navigate to the FuegoTest directory:
   ```bash
   cd FuegoTest
   ```
3. Install the required Python packages:
   ```bash
   pip install -r requirements.txt
   ```

## Usage

To use FuegoTest, you'll need to provide the URL, username, password, and domain ID of your Cisco FMC. Run the following command and follow the prompts:

```bash
python fuegotest.py detect
```

You can also provide the details as options:

```bash
python fuegotest.py detect --fmc-url=<FMC_URL> --fmc-user=<FMC_USER> --fmc-pass=<FMC_PASS> --domain-id=<DOMAIN_ID>
```
File Snapshot

 [4.0K]  /data/pocs/6133b9beca2238b75a776c463b0bd17dc561349d
├── [4.0K]  fuegotest
│   ├── [2.2K]  core.py
│   └── [   0]  __init__.py
├── [1.7K]  fuegotest.py
├── [1.4K]  README.md
└── [  20]  requirements.txt

1 directory, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →