Vulnerability detail

Tenable Blog · May 27, 2026

Tenable Research has developed a graph-based model linking 600+ threat groups to real-world customer exposures. It reveals which vulnerabilities sit at the intersection of severity, active exploitation, and organizational risk.Key takeawaysThe "patch everything" strategy is dead: Vulnerability prioritization based on exploitation risk offers a path forward. A directed graph model linking 600+ threat actors to vulnerabilities in 7,800 customer environments reveals that 68% of organizations carry at least one CVE previously exploited by a named adversary, and 321 tracked threat groups can reach at least one customer environment through an active vulnerability. Prevalence of "Elite Arsenal" CVEs requires immediate attention: The 242 "Elite Arsenal" CVEs — those meeting all three criteria of critical VPR (≥ 9), CISA KEV listing, and documented threat group exploitation — are nearly universally present across the studied customer base, with 241 of 242 actively detected. More than half are five or more years old, and 78% of the persistently exploited core are simultaneously weaponized by nation-state APTs, commodity malware operators, and ransomware gangs. Non-CVE exposures are universally dangerous: Non-CVE exposures, including misconfigurations, weak credentials, and end-of-life software, are present in virtually 100% of studied organizations, with 60% carrying at least one that maps to a tracked threat actor's preferred techniques. Preliminary modeling suggests these exposures may confer more breach risk than CVE-linked findings, yet no industry-standard scoring infrastructure exists to prioritize them.While the first two posts in this blog series documented the accelerating vulnerability flood and the widening remediation gap, today we answer the outstanding question: Where do these forces actually collide inside customer environments? Using a directed graph model that maps more than 600 tracked threat groups to vulnerabilities observed across 7,800 organizations,...

TheHackerNews · Jun 24, 2025

The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber espionage campaign. The attackers exploited a critical Cisco IOS XE software (CVE-2023-20198, CVSS score: 10.0) to access configuration

Tenable Blog · May 09, 2025

In this special edition of the Cybersecurity Snapshot, we bring you some of the most valuable guidance offered by the U.K. National Cyber Security Centre (NCSC) in the past 18 months. Check out best practices, recommendations and insights on protecting your AI systems, APIs and mobile devices, as well as on how to prep for post-quantum cryptography, and more.In case you missed it, here are six NCSC recommendations to help your organization fine-tune its cybersecurity strategy and operations.1 - How to migrate to quantum-resistant cryptographyIs your organization planning to adopt cryptography that can resist attacks from future quantum computers? If so, you might want to check out the NCSC’s “Timelines for migration to post-quantum (PQC) cryptography,” a white paper aimed at helping organizations plan their migration to quantum-resistant cryptography.“Migration to PQC can be viewed as any large technology transition. In the guidance, we describe the key steps in such a transition, and illustrate some of the cryptography and PQC-specific elements required at each stage of the programme,” reads a companion blog. At a high-level, the NCSC proposes these three key milestones:By 2028Define the organization’s migration goals.Assess which services and infrastructure need to have their cryptography upgraded to PQC.Draft an initial migration plan that includes, for example, the highest priority migration steps; the necessary investment; and what you’ll need from your suppliers.By 2031Execute the first, most important PQC migration steps.Refine the PQC migration plan to ensure the roadmap will be fulfilled.Ensure your infrastructure is ready to support PQC.By 2035Complete your PQC migration.Organizations need to migrate to PQC because quantum computers will be able to decrypt data protected with today’s public-key cryptographic algorithms. These powerful quantum computers are expected to become generally available at some point between 2030 and 2040.The U.S. National...

github · Created 2024-08-26 08:16:28 UTC · 0 stars

github · Created 2024-04-25 06:59:53 UTC · 38 stars

CVE-2023-20198-RCE, support adding/deleting users and executing cli commands/system commands.

github · Created 2023-12-11 10:41:48 UTC · 2 stars

Cisco CVE-2023-20198

github · Created 2023-11-16 16:39:38 UTC · 45 stars

CVE-2023-20198 Exploit PoC

github · Created 2023-11-03 13:05:59 UTC · 7 stars

An Exploitation script developed to exploit the CVE-2023-20198 Cisco zero day vulnerability on their IOS routers

github · Created 2023-10-25 21:15:58 UTC · 1 stars

github · Created 2023-10-25 21:02:22 UTC · 0 stars

github · Created 2023-10-25 07:13:59 UTC · 2 stars

github · Created 2023-10-24 09:36:37 UTC · 1 stars

Check a target IP for CVE-2023-20198

github · Created 2023-10-23 19:25:29 UTC · 30 stars

This is a webshell fingerprinting scanner designed to identify implants on Cisco IOS XE WebUI's affected by CVE-2023-20198 and CVE-2023-20273

github · Created 2023-10-23 16:04:23 UTC · 8 stars

A PoC for CVE 2023-20198

github · Created 2023-10-20 23:34:12 UTC · 2 stars

CISCO CVE POC SCRIPT

github · Created 2023-10-18 08:50:49 UTC · 9 stars

CVE-2023-20198 PoC (!)

github · Created 2023-10-18 07:53:29 UTC · 0 stars

Checker for CVE-2023-20198 , Not a full POC Just checks the implementation and detects if hex is in response or not

github · Created 2023-10-17 22:41:14 UTC · 30 stars

CVE-2023-20198 & 0Day Implant Scanner

github · Created 2023-10-17 15:44:01 UTC · 1 stars

cisco-CVE-2023-20198-tester

github · Created 2023-10-17 08:00:18 UTC · 18 stars

CVE-2023-20198 Checkscript

github · Created 2023-10-17 07:35:50 UTC · 0 stars