This Metasploit module leverages both CVE-2023-20198 and CVE-2023-20273 against vulnerable instances of Cisco IOS XE devices which have the web UI exposed. An attacker can execute a payload with root privileges. The vulnerable IOS XE versions are 16.1.1, 16.1.2, 16.1.3, 16.2.1, 16.2.2, 16.3.1, 16.3.2, 16.3.3, 16.3.1a, 16.3.4, 16.3.5, 16.3.5b, 16.3.6, 16.3.7, 16.3.8, 16.3.9, 16.3.10, 16.3.11, 16.4.1, 16.4.2, 16.4.3, 16.5.1, 16.5.1a, 16.5.1b, 16.5.2, 16.5.3, 16.6.1, 16.6.2, 16.6.3, 16.6.4, 16.6.5, 16.6.4s, 16.6.4a, 16.6.5a, 16.6.6, 16.6.5b, 16.6.7, 16.6.7a, 16.6.8, 16.6.9, 16.6.10, 16.7.1, 16.7.1a, 16.7.1b, 16.7.2, 16.7.3, 16.7.4, 16.8.1, 16.8.1a, 16.8.1b, 16.8.1s, 16.8.1c, 16.8.1d, 16.8.2, 16.8.1e, 16.8.3, 16.9.1, 16.9.2, 16.9.1a, 16.9.1b, 16.9.1s, 16.9.1c, 16.9.1d, 16.9.3, 16.9.2a, 16.9.2s, 16.9.3h, 16.9.4, 16.9.3s, 16.9.3a, 16.9.4c, 16.9.5, 16.9.5f, 16.9.6, 16.9.7, 16.9.8, 16.9.8a, 16.9.8b, 16.9.8c, 16.10.1, 16.10.1a, 16.10.1b, 16.10.1s, 16.10.1c, 16.10.1e, 16.10.1d, 16.10.2, 16.10.1f, 16.10.1g, 16.10.3, 16.11.1, 16.11.1a, 16.11.1b, 16.11.2, 16.11.1s, 16.11.1c, 16.12.1, 16.12.1s, 16.12.1a, 16.12.1c, 16.12.1w, 16.12.2, 16.12.1y, 16.12.2a, 16.12.3, 16.12.8, 16.12.2s, 16.12.1x, 16.12.1t, 16.12.2t, 16.12.4, 16.12.3s, 16.12.1z, 16.12.3a, 16.12.4a, 16.12.5, 16.12.6, 16.12.1z1, 16.12.5a, 16.12.5b, 16.12.1z2, 16.12.6a, 16.12.7, 16.12.9, 16.12.10, 17.1.1, 17.1.1a, 17.1.1s, 17.1.2, 17.1.1t, 17.1.3, 17.2.1, 17.2.1r, 17.2.1a, 17.2.1v, 17.2.2, 17.2.3, 17.3.1, 17.3.2, 17.3.3, 17.3.1a, 17.3.1w, 17.3.2a, 17.3.1x, 17.3.1z, 17.3.3a, 17.3.4, 17.3.5, 17.3.4a, 17.3.6, 17.3.4b, 17.3.4c, 17.3.5a, 17.3.5b, 17.3.7, 17.3.8, 17.4.1, 17.4.2, 17.4.1a, 17.4.1b, 17.4.1c, 17.4.2a, 17.5.1, 17.5.1a, 17.5.1b, 17.5.1c, 17.6.1, 17.6.2, 17.6.1w, 17.6.1a, 17.6.1x, 17.6.3, 17.6.1y, 17.6.1z, 17.6.3a, 17.6.4, 17.6.1z1, 17.6.5, 17.6.6, 17.7.1, 17.7.1a, 17.7.1b, 17.7.2, 17.10.1, 17.10.1a, 17.10.1b, 17.8.1, 17.8.1a, 17.9.1, 17.9.1w, 17.9.2, 17.9.1a, 17.9.1x, 17.9.1y, 17.9.3, 17.9.2a, 17.9.1x1, 17.9.3a, 17.9.4, 17.9.1y1, 17.11.1, 17.11.1a, 17.12.1, 17.12.1a, and 17.11.99SW.
be4a53963822186eefd3bca295bd3248275803476bbc0166365af13898f5fd55Apple Security Advisory 10-25-2023-2 - iOS 16.7.2 and iPadOS 16.7.2 addresses bypass, code execution, and use-after-free vulnerabilities.
25bfc1484ba4a937676a331cd81e95658bf54a0f125680d59828d353e09e49dbApple Security Advisory 10-25-2023-3 - iOS 15.8 and iPadOS 15.8 addresses code execution and integer overflow vulnerabilities.
d210c4bac12498daf5761e87b11269c18d0ed50c2f7f2817ef671224dbffdcc3Apple Security Advisory 10-25-2023-1 - iOS 17.1 and iPadOS 17.1 addresses bypass, code execution, and use-after-free vulnerabilities.
7832276135d08171c0df06d4589a559f62878263e78c652e2c5fcc5aaa293edaApple Security Advisory 10-10-2023-1 - iOS 16.7.1 and iPadOS 16.7.1 addresses buffer overflow and code execution vulnerabilities.
be667eaa57ffd89fffea82b376e2b645bb12c3cc11f98e4e4a604a9d1468d665Apple Security Advisory 2023-10-04-1 - iOS 17.0.3 and iPadOS 17.0.3 addresses buffer overflow and code execution vulnerabilities.
4d5563fc7163c47f000a403f5384c3f0b2afcdc05cc1af2b1591fbacdad555f6Apple Security Advisory 09-26-2023-7 - iOS 17 and iPadOS 17 addresses bypass, code execution, out of bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities.
d5dc40f32b8065f555562810ca8c41b6376350b38260eb22ee47ebdda11d647fApple Security Advisory 09-26-2023-3 - iOS 16.7 and iPadOS 16.7 addresses bypass, code execution, and out of bounds read vulnerabilities.
f6c7b6c2eca099fde81d74ef022f9d65cbc8bc6773cc1620d0d800ba60deb645Apple Security Advisory 2023-09-21-3 - iOS 16.7 and iPadOS 16.7 addresses bypass vulnerabilities.
f449601a62ebbbd144305ef4452d57a5c40a3de57572f6f193ea28a6a3b9c199Apple Security Advisory 2023-09-21-2 - iOS 17.0.1 and iPadOS 17.0.1 addresses bypass vulnerabilities.
f23503e52b808d43f23c89a857eaf734ab1d7444e01c12625db6d60309d2ad5eApple Security Advisory 2023-09-11-1 - iOS 15.7.9 and iPadOS 15.7.9 addresses buffer overflow and code execution vulnerabilities.
839671b537da476dd4b6253246cf449d2077598184f74ee49f54ce065768092dApple Security Advisory 2023-09-07-2 - iOS 16.6.1 and iPadOS 16.6.1 addresses buffer overflow and code execution vulnerabilities.
fd20b111827d07d8bda96091f843054ac7d0ea5fa60ccac308e10fe281177b55Apple Security Advisory 2023-07-24-3 - iOS 15.7.8 and iPadOS 15.7.8 addresses bypass, code execution, and use-after-free vulnerabilities.
585e92bd8c9efdfcc2b29c1705757bb25ab4b206bdd46fcbdf792a97518ed86aApple Security Advisory 2023-07-24-2 - iOS 16.6 and iPadOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities.
cf80aa15c014214fb49963259f82d2aa8e172f2770e7bd27d65ad4ed7230464dApple Security Advisory 2023-07-10-2 - Rapid Security Responses for iOS 16.5.1 and iPadOS 16.5.1 addresses a code execution vulnerability.
4de2b053edc4b7e55bd0c819fe7dc1dfa6b49391b23c952f340ee8db0f6bb98dApple Security Advisory 2023-06-21-3 - iOS 15.7.7 and iPadOS 15.7.7 addresses code execution and integer overflow vulnerabilities.
73d41a679fe416fe3e9e3facf3430ddb71996514d9a7483a1dd853e687d0be0bApple Security Advisory 2023-06-21-2 - iOS 16.5.1 and iPadOS 16.5.1 addresses code execution and integer overflow vulnerabilities.
c328973e8f4709b7024766e3f5e6ad309c49f2b4f78dcff4194a5ebb52f2f705There is a use-after-free vulnerability in libIPTelephony.dylib inside the SIP message decoder (SipMessageDecoder::decode() function). The vulnerable library is present on both iOS and macOS and was confirmed on macOS Ventura 13.2.1.
6d3cab99ce231d2cf5def080ffac1a0b2fd80f0e9852f330e033cb0e5ceb0b2dProof of concept exploit for a remotely trigger-able heap buffer overflow vulnerability in iOS 11.4.1 and macOS 10.13.6. This exploit can be used to crash any vulnerable iOS or macOS device that is connected to the same network as the attacker's computer. The vulnerability can be triggered without any user interaction on the victim's device. The exploit involves sending a TCP packet with non-zero options in the IP and TCP headers.
5352cd5286d39bd38e49f40ff6d66d63f42d4b951311bef0126c92981172e14fApple Security Advisory 2023-05-18-2 - iOS 15.7.6 and iPadOS 15.7.6 addresses buffer overflow, bypass, code execution, out of bounds read, and use-after-free vulnerabilities.
65a6495ca896d66d4bf5e2b01f2e21624f5f04735f435726663f7d12da055c95Apple Security Advisory 2023-05-18-1 - iOS 16.5 and iPadOS 16.5 addresses buffer overflow, bypass, code execution, out of bounds read, and use-after-free vulnerabilities.
8d256948b5c37dbf667c61fb35ff92ba987737bb19205c0caef689de0a47f764Apple Security Advisory 2023-04-10-1 - iOS 15.7.5 and iPadOS 15.7.5 addresses code execution, out of bounds write, and use-after-free vulnerabilities.
8a8fa8bead5eb2a3e1506565d93abb68d2c1f05a0641e0b280157e1209776086Apple Security Advisory 2023-04-07-1 - iOS 16.4.1 and iPadOS 16.4.1 addresses code execution, out of bounds write, and use-after-free vulnerabilities.
202940c149d5858b3d9bb42ce28bf550e591c11b3682e07047321b2e7315e8a3Apple Security Advisory 2023-03-27-2 - iOS 15.7.4 and iPadOS 15.7.4 addresses code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
727ce864b571911a1db87fd1c22cd9afa9aa45d6cc5ac3fb120d696344962c24Apple Security Advisory 2023-03-27-1 - iOS 16.4 and iPadOS 16.4 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
7cf02a5429f677335b3e85e292f307419d32759e73ffd0964b3e10037f9e4867
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed