Horizon3.ai Publishes A POC & Deep Dive About Cisco IOS XE CVE-2023-20198 and CVE-2023-20273
Horizon3.ai’s Exploit Developer James Horseman has just published “Cisco IOS XE CVE-2023-20198: Deep Dive and POC”.
Horizon3.ai Exploit Developer James Horseman said: “Previously, we explored the patch for CVE-2023-20273 and CVE-2023-20198 affecting Cisco IOS XE and identified some likely vectors an attacker might have used to exploit these vulnerabilities. Now, thanks to SECUINFRA FALCON TEAM’s honeypot, we have further insight into these vulnerabilities.”
Horseman also notes: “An attack would use CVE-2023-20273 to elevate to root and write an implant to disk. However, even without CVE-2023-20273, this POC essentially gives full control over the device. Cisco’s method for fixing this vulnerability seems a bit unconventional. We would have expected them to fix the path parsing vulnerability instead of adding a new header. This makes us wonder if there are other hidden endpoints that can be reached with this method.”
Today’s post is a follow-up to Horizon3.ai’s October 25, 2023 theory-crafting post on CVE-2023-20198.
This entry was posted on October 30, 2023 at 6:21 pm and is filed under Commentary with tags horizon3.ai.