Lucene search
K

42 matches found

Nuclei
Nuclei
added 2026/06/16 7:13 a.m.128 views

Cisco IOS XE Web UI - Command Injection

A vulnerability in the web UI component of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system. This vulnerability is due to improper input validation in the web UI. An attacker could exploit...

10CVSS8.4AI score0.99571EPSS
Exploits27References2
The Hacker News
The Hacker News
added 2025/11/01 1:43 p.m.12 views

ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability

The Australian Signals Directorate ASD has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY. The activity, per the intelligence agency, involves the exploitation of CVE-2023-20198 CVSS...

10CVSS7.1AI score0.99571EPSS
Exploits27
RedhatCVE
RedhatCVE
added 2025/05/23 1:47 a.m.9 views

CVE-2023-20198

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issue...

10CVSS7.5AI score0.99571EPSS
Exploits28References1
GithubExploit
GithubExploit
added 2025/04/11 3:37 p.m.417 views

Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware

Cisco-IOS-XE-CVE-2023-20198 Exploit PoC for CVE-2023-20198 Vul...

10CVSS9.5AI score0.99571EPSS
Exploits28
Hacker One
Hacker One
added 2024/10/12 2:28 a.m.10 views

MTN Group: Cisco IOS XE instance at ████ vulnerable to CVE-██████

A vulnerability was discovered in a Cisco IOS XE instance that allowed bypassing authentication to reach a web endpoint and execute arbitrary Cisco IOS commands or make configuration changes with Privilege 15 privileges. The vulnerability was characterized by improper path validation to bypass...

10CVSS8.9AI score0.99571EPSS
Exploits28
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.161 views

Cisco IOX XE Unauthenticated Command Line Interface (CLI) Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE unauthenticated Command Line Interface CLI execution', 'Description' = %q This module leverages CVE-2023-20198 against vulnerable...

10CVSS7.2AI score0.99571EPSS
Exploits27
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.330 views

Cisco IOX XE Unauthenticated OS Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE unauthenticated OS command execution', 'Description' = %q This module leverages both CVE-2023-20198 and CVE-2023-20273 against...

10CVSS7.4AI score0.99571EPSS
Exploits28
GithubExploit
GithubExploit
added 2024/08/26 8:16 a.m.415 views

Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware

CVE-2023-20198 Exploit PoC for CVE-2023-20198 Description...

10CVSS9.4AI score0.99571EPSS
Exploits28
GithubExploit
GithubExploit
added 2023/11/16 4:39 p.m.368 views

Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware

CVE-2023-20198 Exploit PoC for CVE-2023-20198 Description...

10CVSS9.4AI score0.99571EPSS
Exploits28
Packet Storm
Packet Storm
added 2023/11/14 12:0 a.m.1159 views

Cisco IOX XE Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE Unauthenticated RCE Chain', 'Description' = %q This module leverages both CVE-2023-20198 and CVE-2023-20273 against vulnerable...

10CVSS7.2AI score0.99571EPSS
Exploits28
0day.today
0day.today
added 2023/11/10 12:0 a.m.497 views

Cisco IOX XE unauthenticated Command Line Interface Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE unauthenticated Command Line Interface CLI execution', 'Description' = %q This module leverages CVE-2023-20198 against vulnerable...

10CVSS7.4AI score0.99571EPSS
Exploits27
0day.today
0day.today
added 2023/11/10 12:0 a.m.532 views

Cisco IOX XE unauthenticated OS Command Execution Exploit

msf use auxiliary/admin/http/ciscoiosxeosexeccve202320273 msf auxiliaryciscoiosxeosexeccve202320273 show actions ...actions... msf auxiliaryciscoiosxeosexeccve202320273 set ACTION msf auxiliaryciscoiosxeosexeccve202320273 show options ...show and set options... msf...

10CVSS8.7AI score0.99571EPSS
Exploits28
Metasploit
Metasploit
added 2023/11/08 7:50 p.m.1065 views

Cisco IOX XE Unauthenticated RCE Chain

This module leverages both CVE-2023-20198 and CVE-2023-20273 against vulnerable instances of Cisco IOS XE devices which have the Web UI exposed. An attacker can execute a payload with root privileges. The vulnerable IOS XE versions are: 16.1.1, 16.1.2, 16.1.3, 16.2.1, 16.2.2, 16.3.1, 16.3.2,...

10CVSS8.2AI score0.99571EPSS
Exploits28
Metasploit
Metasploit
added 2023/11/08 7:50 p.m.632 views

Cisco IOX XE unauthenticated OS command execution

This module leverages both CVE-2023-20198 and CVE-2023-20273 against vulnerable instances of Cisco IOS XE devices which have the Web UI exposed. An attacker can execute arbitrary OS commands with root privileges. This module leverages CVE-2023-20198 to create a new admin user, then authenticating...

10CVSS8.8AI score0.99571EPSS
Exploits28
Metasploit
Metasploit
added 2023/11/08 7:50 p.m.634 views

Cisco IOX XE unauthenticated Command Line Interface (CLI) execution

This module leverages CVE-2023-20198 against vulnerable instances of Cisco IOS XE devices which have the Web UI exposed. An attacker can execute arbitrary CLI commands with privilege level 15. You must specify the IOS command mode to execute a CLI command in. Valid modes are user, privileged, and...

10CVSS8.9AI score0.99571EPSS
Exploits27
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.280 views

Cisco IOS XE Unauthenticated Remote Command Execution (CVE-2023-20198) (Direct Check)

Binary data ciscoiosxeCVE-2023-20198directcheck.nbin...

10CVSS9.8AI score0.99571EPSS
Exploits27References4
GithubExploit
GithubExploit
added 2023/11/03 1:5 p.m.97 views

Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware

CVE-2023-20198 An Exploitation script developed to exploit the...

10CVSS8.6AI score0.99571EPSS
Exploits27
GithubExploit
GithubExploit
added 2023/11/03 1:5 p.m.457 views

Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware

CVE-2023-20198 An Exploitation script developed to exploit the...

10CVSS8.5AI score0.99571EPSS
Exploits27
CISA
CISA
added 2023/10/27 12:0 p.m.23 views

CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities With Additional Releases

Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System IOS XE Software Web User Interface UI. The guidance now notes that Cisco has fixed these vulnerabilities for the 17.6 Cisco IOS XE software releas...

10CVSS9AI score0.99571EPSS
In wildExploits28References8
GithubExploit
GithubExploit
added 2023/10/25 9:15 p.m.404 views

Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware

🔍 Cisco IOS XE Web UI Vulnerability Scanner - CVE-2023-20198...

10CVSS8.9AI score0.99571EPSS
Exploits27
Rows per page
Query Builder