CVE-2023-20198
CRITICAL KEV RANSOMWARE NUCLEI
Cisco IOS XE Unauthenticated RCE Chain
Title source: metasploit
Exploitation Summary
CVE-2023-20198 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added October 16, 2023, with confirmed use in ransomware campaigns.
EIP tracks 40 public exploits from researchers including smokeintheshell, W01fh4cker and fox-it, among them the Metasploit module auxiliary/admin/http/cisco_ios_xe_cli_exec_cve_2023_20198.
A Nuclei detection template is also available.
AI-analyzed exploit summary
This repository contains a functional exploit PoC for CVE-2023-20198, which leverages improper path validation in Cisco IOS XE to bypass Nginx filtering and execute arbitrary commands or add privileged users via SOAP endpoints. The exploit supports vulnerability checks, command execution, and user management.
Description
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.
Exploits (40)
This repository contains a functional exploit PoC for CVE-2023-20198, which leverages improper path validation in Cisco IOS XE to bypass Nginx filtering and execute arbitrary commands or add privileged users via SOAP endpoints. The exploit supports vulnerability checks, command execution, and user management.
This PoC exploits CVE-2023-20198, a vulnerability in Cisco IOS XE Software Web UI, allowing unauthenticated remote command execution via crafted SOAP requests. It supports adding/deleting users and executing OS/Cisco CLI commands.
This repository provides a scanner and detection methods for identifying the presence of the BadCandy implant associated with CVE-2023-20198, an authentication bypass vulnerability in Cisco IOS XE. It includes Suricata rules, PCAPs, and a Python script to fingerprint compromised devices.
This repository contains a scanner for detecting potential compromise via CVE-2023-20198 in Cisco IOS XE devices. It checks for specific indicators such as implant IDs and menu versions to determine if a system has been compromised.
This repository contains a Python-based scanner designed to detect potential implants on Cisco IOS XE devices affected by CVE-2023-20198 and CVE-2023-20273. The scanner checks for known Indicators of Compromise (IoCs) by making HTTP/HTTPS requests to target devices and analyzing the responses.
This script scans for indicators of compromise (IOCs) related to CVE-2023-20198, a vulnerability in Cisco IOS XE software. It checks for suspicious responses and upgraded implants by sending HTTP requests to a range of IPs in a given subnet.
This PoC exploits CVE-2023-20198 to create a local user account, install an implant, and restart the web server. It also includes cleanup steps to delete the created user account.
This repository contains a Python-based PoC for CVE-2023-20198, a critical privilege escalation vulnerability in Cisco IOS XE Software. The exploit demonstrates creating a privilege level 15 user account, installing an implant configuration, and restarting the web server to activate the implant.
This repository contains a Python-based exploit and detection tool for CVE-2023-20198, a Cisco IOS XE authentication bypass vulnerability. The tool supports both detection and exploitation modes, allowing users to identify vulnerable systems and exploit them by sending malicious XML content to the web UI endpoint.
This repository contains a Python script that checks for and exploits CVE-2023-20198, a vulnerability in Cisco IOS XE software. The script can either check for potential compromise or exploit the vulnerability to create a local user account and install a configuration implant.
This PoC exploits CVE-2023-20198 to create a local user account, install an implant, and restart the web server on a Cisco device. It also includes cleanup steps to remove the created user account.
This repository contains a functional exploit PoC for CVE-2023-20198, an authentication bypass vulnerability in Cisco IOS XE's web UI. The exploit leverages improper path validation to bypass Nginx filtering and execute arbitrary commands or add privileged users via SOAP endpoints.
This repository contains a writeup describing CVE-2023-20198, a critical authentication bypass vulnerability in Cisco IOS XE software. The vulnerability allows unauthenticated attackers to gain full administrative privileges via the Web UI feature when HTTP/HTTPS servers are enabled.
This script scans Cisco IOS XE devices for CVE-2023-20198 by checking for specific HTTP server configurations via SSH. It generates a CSV report of vulnerable devices.
This repository contains a PowerShell script designed to detect the presence of an implant related to CVE-2023-20198 in Cisco IOS XE devices. The script checks for known hashes of legitimate web pages and flags discrepancies that may indicate an implant.
This repository contains a Python-based scanner for detecting potential implants related to CVE-2023-20198 in Cisco IOS XE Software. The script checks for specific HTTP responses indicating vulnerability by sending crafted requests to a subnet of targets.
This repository contains a Python script that checks for the presence of CVE-2023-20198 by sending HTTP GET and POST requests to specific URLs and analyzing the responses. It does not exploit the vulnerability but scans for indicators of vulnerability.
The repository contains a Python script that scans multiple IP addresses for CVE-2023-20198 by sending HTTP/HTTPS POST requests and checking for a specific string in the response. It logs results to a CSV file.
This repository provides an Ansible playbook to detect and disable HTTP/HTTPS servers on Cisco IOS XE devices to mitigate CVE-2023-20198. It includes instructions for testing in a Cisco sandbox environment but does not contain exploit code.
This repository contains a functional exploit for CVE-2023-20198, a vulnerability in Cisco IOS-XE. The script includes both a check mode to verify vulnerability and an exploit mode to create a local user account and install an implant configuration.
This repository contains an Ansible playbook that simulates remediation steps for CVE-2023-20198 but does not include functional exploit code or technical analysis. It only logs messages without executing actual commands.
This repository contains a Go-based tool designed to check for the presence of CVE-2023-20198 in Cisco devices. The tool supports various proxy configurations and authentication mechanisms, but it does not include exploit code for achieving remote code execution or other offensive actions.
This repository contains an Ansible playbook designed to detect and mitigate CVE-2023-20198 by disabling HTTP/HTTPS servers on Cisco IOS XE devices and checking syslogs for exploitation indicators. It does not exploit the vulnerability but scans for its presence and applies remediation.
This repository contains an Ansible playbook designed to detect and mitigate CVE-2023-20198 by checking the status of HTTP/HTTPS servers on Cisco IOS XE devices and disabling them if active. It also scans syslogs for indicators of exploitation.
This repository contains a functional Python exploit for CVE-2023-20198, an authentication bypass vulnerability in Cisco IOS XE Web UI. The exploit leverages crafted SOAP requests to execute arbitrary commands, create/delete users, and bypass authentication via the WSMA endpoint.
This repository is a detailed academic case study analyzing CVE-2023-20198, a critical vulnerability in Cisco IOS XE Web UI, including exploitation techniques and mitigation strategies. It does not contain actual exploit code but provides documentation and research findings.
This exploit PoC targets CVE-2023-20198, a vulnerability in Cisco IOS XE software. It leverages SOAP-based command injection to execute arbitrary commands, add/delete users, or retrieve configurations on vulnerable devices.
This repository provides a detailed technical analysis of CVE-2023-20198, focusing on Indicators of Compromise (IOCs) derived from PCAP files. It includes Snort rules and iptables configurations for detection and mitigation, but does not contain functional exploit code.
This PoC exploits CVE-2023-20198, a path traversal vulnerability in Cisco IOS XE Web UI, allowing unauthenticated remote command execution via double-encoded HTTP requests to bypass Nginx path filtering and interact with the WSMA endpoint.
This repository contains a functional exploit PoC for CVE-2023-20198, an authentication bypass vulnerability in Cisco IOS XE. The exploit leverages improper path validation to bypass Nginx filtering and interact with the `webui_wsma_http` endpoint, allowing arbitrary command execution and configuration changes with Privilege 15 access.
This repository provides an Ansible playbook for remediating CVE-2023-20198, a vulnerability in certain Cisco devices. It includes steps to disable the web service and check for exploitation signs, along with Metasploit verification commands.
The repository contains only a placeholder script with no functional exploit code. It appears to be a joke or an incomplete stub rather than a legitimate PoC.
This repository contains a Python script to scan for CVE-2023-20198, a vulnerability in Cisco IOS XE Software. The script checks for the presence of a malicious implant by sending a POST request to a specific endpoint and analyzing the response length.
This repository contains a scanner for CVE-2023-20198, which checks if a Cisco IOS-XE WebUI is vulnerable by detecting a hexadecimal string in the response. It does not exploit the vulnerability but confirms its presence.
This script scans a given subnet for CVE-2023-20198 by sending a POST request to a specific endpoint and checking the response length for potential indicators of compromise. It uses multithreading to efficiently scan multiple IPs concurrently.
This repository is a scanner for detecting known exploited vulnerabilities (KEVs) using Nuclei templates and other tools like Tsunami and Nmap. It does not contain exploit code but rather detection templates for various CVEs.
This Metasploit module exploits CVE-2023-20198 to execute arbitrary CLI commands with privilege level 15 on vulnerable Cisco IOS XE devices via the Web UI. It supports command execution in user, privileged, or global configuration modes.
This Metasploit module exploits CVE-2023-20198 and CVE-2023-20273 to achieve unauthenticated OS command execution on vulnerable Cisco IOS XE devices. It creates a temporary admin user, executes arbitrary commands via command injection, and cleans up by removing the user and output files.
This Metasploit module exploits CVE-2023-20198 and CVE-2023-20273 to achieve unauthenticated remote code execution on vulnerable Cisco IOS XE devices with the Web UI exposed. It leverages a chain of vulnerabilities to execute commands with root privileges.
Nuclei Templates (1)
http.html_hash:1076109428
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H