CVE-2023-20198 PoC — Cisco IOS XE Software Security Vulnerability

Source
Associated Vulnerability
Title: Cisco IOS XE Software Security Vulnerability (CVE-2023-20198)
Description: Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.
Description
A PoC for CVE 2023-20198
Readme
# CVE 2023-20198
<img width="518" alt="Screenshot 2023-10-23 234005" src="https://github.com/Pushkarup/CVE-2023-20198/assets/148672587/f14ad83f-0758-4cca-8a5b-f851112c2ae4">

## Introduction
The web UI component of Cisco IOS XE Software has a previously undiscovered vulnerability that, when exposed to the internet or untrusted networks, is already being actively exploited, according to Cisco. Due to this vulnerability, a remote, unauthenticated attacker is able to set up an account with privilege level 15 access on a vulnerable system. Afterward, the attacker can take control of the compromised machine using that account.

CVE-2023-20198 is a privilege escalation vulnerability affecting Cisco IOS XE software, receiving the highest possible CVSS score of 10. Successful exploitation of this vulnerability would allow an attacker to create a user account with full administrative privileges.
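
A defender-side check for the two conditions described above (an enabled web UI and an unexpected privilege level 15 account), as an added example that is not part of this repository or of Cisco's tooling. The sample running-config, the usernames and the `APPROVED_ADMINS` allowlist are constructed assumptions.

```python
import re

# Constructed sample running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netops privilege 15 secret 9 $9$EXAMPLEHASHPLACEHOLDER
username helpdesk privilege 1 secret 9 $9$EXAMPLEHASHPLACEHOLDER
username svc_tmp01 privilege 15 secret 9 $9$EXAMPLEHASHPLACEHOLDER
!
no ip http server
ip http authentication local
ip http secure-server
!
"""

# Assumption: your own inventory of sanctioned privilege-15 accounts.
APPROVED_ADMINS = {"netops"}

USERNAME_RE = re.compile(r"^username\s+(\S+)(.*)$")
PRIV_RE = re.compile(r"\bprivilege\s+(\d+)\b")


def audit_config(text, approved_admins):
    """Flag an enabled HTTP/HTTPS server and unapproved privilege-15 users."""
    findings = {"web_ui_enabled": [], "unapproved_priv15": []}
    for raw in text.splitlines():
        line = raw.strip()
        # Exact match only: "no ip http server" means the feature is disabled,
        # and lines such as "ip http authentication local" are not the server.
        if line in ("ip http server", "ip http secure-server"):
            findings["web_ui_enabled"].append(line)
            continue
        m = USERNAME_RE.match(line)
        if m:
            name, rest = m.groups()
            priv = PRIV_RE.search(rest)
            if priv and int(priv.group(1)) == 15 and name not in approved_admins:
                findings["unapproved_priv15"].append(name)
    return findings


if __name__ == "__main__":
    result = audit_config(SAMPLE_CONFIG, APPROVED_ADMINS)
    for line in result["web_ui_enabled"]:
        print(f"[!] web UI reachable via: {line}")
    for user in result["unapproved_priv15"]:
        print(f"[!] privilege 15 account not in allowlist: {user}")
```

Run it against a saved `show running-config` export per device; any allowlist miss on a device with the web UI enabled warrants investigation.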

## Disclaimer: Educational Purpose Only

This Proof of Concept (PoC) is presented solely for educational and informational purposes. The intent behind sharing this PoC is to demonstrate potential vulnerabilities in a controlled environment. The goal is to promote understanding of cybersecurity concepts and encourage responsible disclosure.

### Important Points:
- **Ethical Use:** This PoC should only be used in environments and systems where you have explicit authorization. Unauthorized access to computer systems is illegal and unethical.
- **Responsible Disclosure:** If you discover vulnerabilities as a result of this PoC, it is strongly recommended to report them responsibly to the relevant parties, allowing them adequate time to address and mitigate the issues.
- **No Endorsement:** This PoC and related materials do not endorse or encourage any form of unauthorized access, hacking, or any other illegal activities.

By accessing and using this PoC, you acknowledge that you are solely responsible for your actions and agree to use this information in compliance with applicable laws and regulations. The author assumes no liability for any misuse or consequences arising from the use of this PoC for any purpose other than education and responsible disclosure.

## Features

- **User Creation:** Demonstrates the creation of a local user account on a target web application.
- **Implant Installation:** Installs an implant configuration on the target web application.
- **Web Server Restart:** Restarts the web server on the target to activate the implant.
- **Implant Status Check:** Checks the status of the implanted code on the target.

## Getting Started

### Prerequisites

- Python 3.x
- Required Python packages: `requests`, `colorama`

### Installation

1. Clone the repository:

    ```bash
    git clone https://github.com/Pushkarup/CVE-2023-20198.git
    cd CVE-2023-20198
    ```

2. Install the required Python packages:

    ```bash
    pip install colorama
    pip install requests
    ```

## Usage


1. Create a text file containing the target sites (one per line) and save it with a `.txt` extension.
   - Collect the site list for testing using the dork `labels='cisco-xe-webui'`.

2. Edit the variable `config_content` on line 121 as needed. Below is a sample config:

    ```python
    config_content = """
    # This is a sample configuration content
    param1: value1
    param2: value2
    nested_params:
         nested_param1: nested_value1
         nested_param2: nested_value2
    """
    ```

3. Run the script:

    ```bash
    python main.py
    ```

4. Follow the prompts to process the target sites.

## Contributing

Contributions are welcome! If you find any issues or have improvements, feel free to open a pull request or create an issue.

## License

This project is licensed under the [MIT License](LICENSE).


## Contact

- GitHub: [Pushkar Upadhyay](https://github.com/Pushkarup)
- LinkedIn: [Pushkar Upadhyay](www.linkedin.com/in/pushkar-upadhyay-24p)

## Donations
### Show your support
- BTC: 3QqVBBzDBezA9U77PCTwMPQVGb1eecv2SP
- ETH: 0xB779767483831BD98327A449C78FfccE2cc6df0a
- USDT: 0xB779767483831BD98327A449C78FfccE2cc6df0a

File Snapshot

[4.0K] /data/pocs/c7301599b6f20b17bfacee5b02fe73f8d5407e2a
├── [1.0K] LICENSE
├── [6.0K] main.py
└── [4.0K] README.md

0 directories, 3 files