A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CVE-2023-20273 | Cisco IOS XE Web UI Command Injection Vulnerability | secondary_impact | T1059 | Command and Scripting Interpreter | This vulnerability is exploited through improper privilege escalation in the Web User Interface feature of Cisco IOS XE software. Attackers first used this vulnerability to elevate privileges from a normal user to root by leveraging a newly created local user account. This allowed them to write malicious implants that enable them to execute arbitrary commands to the file system. This CVE was exploited after the adversary exploited CVE-2023-20198. |
CVE-2023-20273 | Cisco IOS XE Web UI Command Injection Vulnerability | primary_impact | T1068 | Exploitation for Privilege Escalation | This vulnerability is exploited through improper privilege escalation in the Web User Interface feature of Cisco IOS XE software. Attackers first used this vulnerability to elevate privileges from a normal user to root by leveraging a newly created local user account. This allowed them to write malicious implants that enable them to execute arbitrary commands to the file system. This CVE was exploited after the adversary exploited CVE-2023-20198. |
CVE-2023-20273 | Cisco IOS XE Web UI Command Injection Vulnerability | exploitation_technique | T1078 | Valid Accounts | This vulnerability is exploited through improper privilege escalation in the Web User Interface feature of Cisco IOS XE software. Attackers first used this vulnerability to elevate privileges from a normal user to root by leveraging a newly created local user account. This allowed them to write an implant to the file system, further compromising the device. This CVE was exploited after the adversary exploited CVE-2023-20198. |