CVE-2023-20198 Implant Detection Template

[rxerium]

Template / PR Information

Created a template for the new Cisco IOS XE 0-day vulnerability (CVE-2023-20198) following the command released by Cisco in order to detect this:

curl -k -X POST "https[:]//DEVICEIP/webui/logoutconfirm.html?logon_hash=1"

• References:
  https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
  https://www.bleepingcomputer.com/news/security/cisco-warns-of-new-ios-xe-zero-day-actively-exploited-in-attacks/
  https://socradar.io/cisco-warns-of-exploitation-of-a-maximum-severity-zero-day-vulnerability-in-ios-xe-cve-2023-20198/

Template Validation

I've validated this template locally?

• [x ] YES
• NO

I've tested this against a few online hosts running Cisco IOS XE and it looks to be working fine however any further testing is always appreciated.

Additional Details (leave it blank if not applicable)

Additional References:

• Nuclei Template Creation Guideline
• Nuclei Template Matcher Guideline
• Nuclei Template Contribution Guideline
• PD-Community Discord server

cc. @KaulSe @DhiyaneshGeek
ref: #8414

[rxerium]

Reference:
#8414

[ancailliau]

Best to also include an additional URL for checking: https://github.com/fox-it/cisco-ios-xe-implant-detection

[DhiyaneshGeek]

Hi @rxerium @ancailliau we have moved the template to vulnerability category since it detects the implants of compromised system and changed the severity accordingly

Once we have a proper POC for CVE-2023-20198 , will have a separate template for the same

Let me know if the changes looks good 😄

Thanks

[rxerium]

LGTM 🚀

[olearycrew]

Thanks for the contribution @rxerium !

If you're not already a member of our Discord, can you join us and send me a note in the #contributing channel - I'd love to send some stickers your way.