CVE-2023-20273

HIGH KEV

Cisco IOS XE - Authenticated OS Command Injection via Web UI

Title source: llm

Exploitation Summary

CVE-2023-20273 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added October 23, 2023. EIP tracks 1 public exploit from researchers including smokeintheshell.

AI-analyzed exploit summary This is a functional exploit PoC for CVE-2023-20273, targeting Cisco IOS XE devices. It leverages command injection via a vulnerable REST API endpoint to achieve remote code execution (RCE) and can deliver either direct commands or a reverse shell.

Description

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

Exploits (1)

nomisec WORKING POC 14 stars

by smokeintheshell · remote

https://github.com/smokeintheshell/CVE-2023-20273

View Code ZIP pw:eip

This is a functional exploit PoC for CVE-2023-20273, targeting Cisco IOS XE devices. It leverages command injection via a vulnerable REST API endpoint to achieve remote code execution (RCE) and can deliver either direct commands or a reverse shell.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Cisco IOS XE (tested on Catalyst C9200L and C8000V)

Auth required

Prerequisites: Valid credentials for the Cisco WebUI · Network access to the target device · Vulnerable Cisco IOS XE version

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20273

Scores

CVSS v3 7.2

EPSS 0.8963

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2023-10-23

VulnCheck KEV 2023-10-16

InTheWild.io 2023-10-21

ENISA EUVD EUVD-2023-24452

CWE

CWE-78

Status published

Products (50)

cisco/ios_xe 16.1.1

cisco/ios_xe 16.1.2

cisco/ios_xe 16.1.3

cisco/ios_xe 16.2.1

cisco/ios_xe 16.2.2

cisco/ios_xe 16.3.1a

cisco/ios_xe 16.3.2

cisco/ios_xe 16.3.3

cisco/ios_xe 16.3.4

cisco/ios_xe 16.3.5

... and 40 more

Published Oct 25, 2023

KEV Added Oct 23, 2023

Tracked Since Feb 18, 2026