CVE-2023-20198
Description
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.
Severity: CRITICAL
CVE ID: CVE-2023-20198
CVSS Score: 10.0
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2023-20198
Reference: Project Discovery GitHub
raystr-atearedteam
Reference: GitHub
Atea-Redteam
CVE-2023-20198 Checkscript
Reference: GitHub
securityphoenix
cisco-CVE-2023-20198-tester
Reference: GitHub
emomeni
Reference: GitHub
ZephrFish
CVE-2023-20198 & 0Day Implant Scanner
Reference: GitHub
JoyGhoshs
Checker for CVE-2023-20198, not a full PoC. Just checks the implementation and detects if hex is in response or not
Reference: GitHub
Tounsi007
CVE-2023-20198 PoC (!)
Reference: GitHub
alekos3
This script can identify if Cisco IOS XE devices are vulnerable to CVE-2023-20198
Reference: GitHub
reket99
Reference: GitHub
iveresk
1vere$k POC on the CVE-2023-20198
Reference: GitHub
sohaibeb
CISCO CVE POC SCRIPT
Reference: GitHub
fox-it
Cisco IOS XE implant scanning & detection (CVE-2023-20198, CVE-2023-20273)
Reference: GitHub
Pushkarup
A PoC for CVE 2023-20198
Reference: GitHub
Shadow0ps
This is a webshell fingerprinting scanner designed to identify implants on Cisco IOS XE WebUIs affected by CVE-2023-20198 and CVE-2023-20273
Reference: GitHub
kacem-expereo
Check a target IP for CVE-2023-20198
Reference: GitHub
mr-r3b00t
Reference: GitHub
ohlawd
Reference: GitHub
IceBreakerCode
Reference: GitHub
RevoltSecurities
An exploitation script developed to exploit the CVE-2023-20198 Cisco zero-day vulnerability on their IOS routers
Reference: GitHub
smokeintheshell
CVE-2023-20198 Exploit PoC
Reference: GitHub
netbell
Check for and remediate conditions that make an IOS-XE device vulnerable to CVE-2023-20198
Reference: GitHub
Vulnmachines
Cisco CVE-2023-20198
Reference: GitHub
W01fh4cker
CVE-2023-20198-RCE, support adding/deleting users and executing cli commands/system commands.
Reference: GitHub
Content on GitHub
vulncheck-oss | watchers:36
cisco-ios-xe-implant-scanner
A go-exploit to scan for implanted Cisco IOS XE Systems
Reference: GitHub
Codeb3af | watchers:2
CVE-2023-20198-RCE
CVE-2023-20198-RCE, support adding/deleting users and executing cli commands/system commands.
Reference: GitHub
alekos3 | watchers:1
CVE_2023_20198_Remediator
Remediate CVE_2023_20198 on Cisco IOS-XE devices.
Reference: GitHub
codeb0ss | watchers:1
CVE-2023-20198-PoC
CVE-2023-20198 / 0day - Cisco - Authentication Bypass/RCE
Reference: GitHub
hackingyseguridad | watchers:25
nmap
Script to detect vulnerabilities with nmap
Reference: GitHub