Horizon3.ai Publishes A POC & Deep Dive About Cisco IOS XE CVE-2023-20198 and CVE-2023-20273

Horizon3.ai’s Exploit Developer James Horseman has just published “Cisco IOS XE CVE-2023-20198: Deep Dive and POC”.

Horizon3.ai Exploit Developer James Horseman said: “Previously, we explored the patch for CVE-2023-20273 and CVE-2023-20198 affecting Cisco IOS XE and identified some likely vectors an attacker might have used to exploit these vulnerabilities. Now, thanks to SECUINFRA FALCON TEAM’s honeypot, we have further insight into these vulnerabilities.”

Horseman also notes: “An attack would use CVE-2023-20273 to elevate to root and write an implant to disk. However, even without CVE-2023-20273, this POC essentially gives full control over the device. Cisco’s method for fixing this vulnerability seems a bit unconventional. We would have expected them to fix the path parsing vulnerability instead of adding a new header. This makes us wonder if there are other hidden endpoints that can be reached with this method.”

Today’s post is a follow-up to Horizon3.ai’s October 25, 2023 theory-crafting post on CVE-2023-20198.
