
CVE-2023-20273

Description

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

Cisco Systems, Inc.
Severity: HIGH
CVE ID: CVE-2023-20273
CVSS Score: 7.2
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

smokeintheshell

CVE-2023-20273 Exploit PoC

Reference: GitHub

Content on GitHub

fox-it | watchers:38

cisco-ios-xe-implant-detection
Cisco IOS XE implant scanning & detection (CVE-2023-20198, CVE-2023-20273)

Reference: GitHub

Shadow0ps | watchers:29

CVE-2023-20198-Scanner
This is a webshell fingerprinting scanner designed to identify implants on Cisco IOS XE WebUIs affected by CVE-2023-20198 and CVE-2023-20273

Reference: GitHub