This Metasploit module leverages both CVE-2023-20198 and CVE-2023-20273 against vulnerable instances of Cisco IOS XE devices which have the web UI exposed. An attacker can execute a payload with root privileges. The vulnerable IOS XE versions are 16.1.1, 16.1.2, 16.1.3, 16.2.1, 16.2.2, 16.3.1, 16.3.2, 16.3.3, 16.3.1a, 16.3.4, 16.3.5, 16.3.5b, 16.3.6, 16.3.7, 16.3.8, 16.3.9, 16.3.10, 16.3.11, 16.4.1, 16.4.2, 16.4.3, 16.5.1, 16.5.1a, 16.5.1b, 16.5.2, 16.5.3, 16.6.1, 16.6.2, 16.6.3, 16.6.4, 16.6.5, 16.6.4s, 16.6.4a, 16.6.5a, 16.6.6, 16.6.5b, 16.6.7, 16.6.7a, 16.6.8, 16.6.9, 16.6.10, 16.7.1, 16.7.1a, 16.7.1b, 16.7.2, 16.7.3, 16.7.4, 16.8.1, 16.8.1a, 16.8.1b, 16.8.1s, 16.8.1c, 16.8.1d, 16.8.2, 16.8.1e, 16.8.3, 16.9.1, 16.9.2, 16.9.1a, 16.9.1b, 16.9.1s, 16.9.1c, 16.9.1d, 16.9.3, 16.9.2a, 16.9.2s, 16.9.3h, 16.9.4, 16.9.3s, 16.9.3a, 16.9.4c, 16.9.5, 16.9.5f, 16.9.6, 16.9.7, 16.9.8, 16.9.8a, 16.9.8b, 16.9.8c, 16.10.1, 16.10.1a, 16.10.1b, 16.10.1s, 16.10.1c, 16.10.1e, 16.10.1d, 16.10.2, 16.10.1f, 16.10.1g, 16.10.3, 16.11.1, 16.11.1a, 16.11.1b, 16.11.2, 16.11.1s, 16.11.1c, 16.12.1, 16.12.1s, 16.12.1a, 16.12.1c, 16.12.1w, 16.12.2, 16.12.1y, 16.12.2a, 16.12.3, 16.12.8, 16.12.2s, 16.12.1x, 16.12.1t, 16.12.2t, 16.12.4, 16.12.3s, 16.12.1z, 16.12.3a, 16.12.4a, 16.12.5, 16.12.6, 16.12.1z1, 16.12.5a, 16.12.5b, 16.12.1z2, 16.12.6a, 16.12.7, 16.12.9, 16.12.10, 17.1.1, 17.1.1a, 17.1.1s, 17.1.2, 17.1.1t, 17.1.3, 17.2.1, 17.2.1r, 17.2.1a, 17.2.1v, 17.2.2, 17.2.3, 17.3.1, 17.3.2, 17.3.3, 17.3.1a, 17.3.1w, 17.3.2a, 17.3.1x, 17.3.1z, 17.3.3a, 17.3.4, 17.3.5, 17.3.4a, 17.3.6, 17.3.4b, 17.3.4c, 17.3.5a, 17.3.5b, 17.3.7, 17.3.8, 17.4.1, 17.4.2, 17.4.1a, 17.4.1b, 17.4.1c, 17.4.2a, 17.5.1, 17.5.1a, 17.5.1b, 17.5.1c, 17.6.1, 17.6.2, 17.6.1w, 17.6.1a, 17.6.1x, 17.6.3, 17.6.1y, 17.6.1z, 17.6.3a, 17.6.4, 17.6.1z1, 17.6.5, 17.6.6, 17.7.1, 17.7.1a, 17.7.1b, 17.7.2, 17.10.1, 17.10.1a, 17.10.1b, 17.8.1, 17.8.1a, 17.9.1, 17.9.1w, 17.9.2, 17.9.1a, 17.9.1x, 17.9.1y, 17.9.3, 17.9.2a, 17.9.1x1, 17.9.3a, 
17.9.4, 17.9.1y1, 17.11.1, 17.11.1a, 17.12.1, 17.12.1a, and 17.11.99SW.
be4a53963822186eefd3bca295bd3248275803476bbc0166365af13898f5fd55
Apple Security Advisory 10-25-2023-2 - iOS 16.7.2 and iPadOS 16.7.2 address bypass, code execution, and use-after-free vulnerabilities.
25bfc1484ba4a937676a331cd81e95658bf54a0f125680d59828d353e09e49db
Apple Security Advisory 10-25-2023-3 - iOS 15.8 and iPadOS 15.8 address code execution and integer overflow vulnerabilities.
d210c4bac12498daf5761e87b11269c18d0ed50c2f7f2817ef671224dbffdcc3
Apple Security Advisory 10-25-2023-1 - iOS 17.1 and iPadOS 17.1 address bypass, code execution, and use-after-free vulnerabilities.
7832276135d08171c0df06d4589a559f62878263e78c652e2c5fcc5aaa293eda
Apple Security Advisory 10-10-2023-1 - iOS 16.7.1 and iPadOS 16.7.1 address buffer overflow and code execution vulnerabilities.
be667eaa57ffd89fffea82b376e2b645bb12c3cc11f98e4e4a604a9d1468d665
Apple Security Advisory 2023-10-04-1 - iOS 17.0.3 and iPadOS 17.0.3 address buffer overflow and code execution vulnerabilities.
4d5563fc7163c47f000a403f5384c3f0b2afcdc05cc1af2b1591fbacdad555f6
Apple Security Advisory 09-26-2023-7 - iOS 17 and iPadOS 17 address bypass, code execution, out-of-bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities.
d5dc40f32b8065f555562810ca8c41b6376350b38260eb22ee47ebdda11d647f
Apple Security Advisory 09-26-2023-3 - iOS 16.7 and iPadOS 16.7 address bypass, code execution, and out-of-bounds read vulnerabilities.
f6c7b6c2eca099fde81d74ef022f9d65cbc8bc6773cc1620d0d800ba60deb645
Apple Security Advisory 2023-09-21-3 - iOS 16.7 and iPadOS 16.7 address bypass vulnerabilities.
f449601a62ebbbd144305ef4452d57a5c40a3de57572f6f193ea28a6a3b9c199
Apple Security Advisory 2023-09-21-2 - iOS 17.0.1 and iPadOS 17.0.1 address bypass vulnerabilities.
f23503e52b808d43f23c89a857eaf734ab1d7444e01c12625db6d60309d2ad5e
Apple Security Advisory 2023-09-11-1 - iOS 15.7.9 and iPadOS 15.7.9 address buffer overflow and code execution vulnerabilities.
839671b537da476dd4b6253246cf449d2077598184f74ee49f54ce065768092d
Apple Security Advisory 2023-09-07-2 - iOS 16.6.1 and iPadOS 16.6.1 address buffer overflow and code execution vulnerabilities.
fd20b111827d07d8bda96091f843054ac7d0ea5fa60ccac308e10fe281177b55
Apple Security Advisory 2023-07-24-3 - iOS 15.7.8 and iPadOS 15.7.8 address bypass, code execution, and use-after-free vulnerabilities.
585e92bd8c9efdfcc2b29c1705757bb25ab4b206bdd46fcbdf792a97518ed86a
Apple Security Advisory 2023-07-24-2 - iOS 16.6 and iPadOS 16.6 address bypass, code execution, and use-after-free vulnerabilities.
cf80aa15c014214fb49963259f82d2aa8e172f2770e7bd27d65ad4ed7230464d
Apple Security Advisory 2023-07-10-2 - Rapid Security Responses for iOS 16.5.1 and iPadOS 16.5.1 address a code execution vulnerability.
4de2b053edc4b7e55bd0c819fe7dc1dfa6b49391b23c952f340ee8db0f6bb98d
Apple Security Advisory 2023-06-21-3 - iOS 15.7.7 and iPadOS 15.7.7 address code execution and integer overflow vulnerabilities.
73d41a679fe416fe3e9e3facf3430ddb71996514d9a7483a1dd853e687d0be0b
Apple Security Advisory 2023-06-21-2 - iOS 16.5.1 and iPadOS 16.5.1 address code execution and integer overflow vulnerabilities.
c328973e8f4709b7024766e3f5e6ad309c49f2b4f78dcff4194a5ebb52f2f705
There is a use-after-free vulnerability in libIPTelephony.dylib inside the SIP message decoder (SipMessageDecoder::decode() function). The vulnerable library is present on both iOS and macOS and was confirmed on macOS Ventura 13.2.1.
6d3cab99ce231d2cf5def080ffac1a0b2fd80f0e9852f330e033cb0e5ceb0b2d
Proof of concept exploit for a remotely triggerable heap buffer overflow vulnerability in iOS 11.4.1 and macOS 10.13.6. This exploit can be used to crash any vulnerable iOS or macOS device that is connected to the same network as the attacker's computer. The vulnerability can be triggered without any user interaction on the victim's device. The exploit involves sending a TCP packet with non-zero options in the IP and TCP headers.
5352cd5286d39bd38e49f40ff6d66d63f42d4b951311bef0126c92981172e14f
Apple Security Advisory 2023-05-18-2 - iOS 15.7.6 and iPadOS 15.7.6 address buffer overflow, bypass, code execution, out-of-bounds read, and use-after-free vulnerabilities.
65a6495ca896d66d4bf5e2b01f2e21624f5f04735f435726663f7d12da055c95
Apple Security Advisory 2023-05-18-1 - iOS 16.5 and iPadOS 16.5 address buffer overflow, bypass, code execution, out-of-bounds read, and use-after-free vulnerabilities.
8d256948b5c37dbf667c61fb35ff92ba987737bb19205c0caef689de0a47f764
Apple Security Advisory 2023-04-10-1 - iOS 15.7.5 and iPadOS 15.7.5 address code execution, out-of-bounds write, and use-after-free vulnerabilities.
8a8fa8bead5eb2a3e1506565d93abb68d2c1f05a0641e0b280157e1209776086
Apple Security Advisory 2023-04-07-1 - iOS 16.4.1 and iPadOS 16.4.1 address code execution, out-of-bounds write, and use-after-free vulnerabilities.
202940c149d5858b3d9bb42ce28bf550e591c11b3682e07047321b2e7315e8a3
Apple Security Advisory 2023-03-27-2 - iOS 15.7.4 and iPadOS 15.7.4 address code execution, out-of-bounds read, out-of-bounds write, and use-after-free vulnerabilities.
727ce864b571911a1db87fd1c22cd9afa9aa45d6cc5ac3fb120d696344962c24
Apple Security Advisory 2023-03-27-1 - iOS 16.4 and iPadOS 16.4 address buffer overflow, bypass, code execution, integer overflow, out-of-bounds read, out-of-bounds write, and use-after-free vulnerabilities.
7cf02a5429f677335b3e85e292f307419d32759e73ffd0964b3e10037f9e4867