cisco_ios 2023 cve

mailsanjayhere · mailsanjayhere · commit 2737cdd4232d · 2025-06-03T09:37:04.000Z
diff --git a/CVEasy/Cisco/2023/cisco_ios/cve202320081.py b/CVEasy/Cisco/2023/cisco_ios/cve202320081.py
@@ -29,6 +29,6 @@ def rule_cve202320081(configuration, commands, device, devices):
         f"Device {device.name} is vulnerable to CVE-2023-20081. "
         "The device has DHCPv6 client configured, "
         "which could allow an attacker to cause a denial of service through crafted DHCPv6 messages. "
-        "For more information,see"
-        "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftdios-dhcpv6-cli-Zf3zTv"
+        "For more information,see https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-"
+        "sa-asaftdios-dhcpv6-cli-Zf3zTv"
     )
diff --git a/CVEasy/Cisco/2023/cisco_ios/cve202320109.py b/CVEasy/Cisco/2023/cisco_ios/cve202320109.py
@@ -12,9 +12,9 @@
 def rule_cve202320109(configuration, commands, device, devices):
     """
     This rule checks for the CVE-2023-20109 vulnerability in Cisco IOS Software.
-    The vulnerability is due to insufficient validation of attributes in the Group Domain of 
-    Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could 
-    exploit this vulnerability by either compromising an installed key server or modifying 
+    The vulnerability is due to insufficient validation of attributes in the Group Domain of
+    Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could
+    exploit this vulnerability by either compromising an installed key server or modifying
     the configuration of a group member to point to a key server that is controlled by the attacker.
     """
     # Extract the output of the command to check GET VPN configuration
diff --git a/CVEasy/Cisco/2023/cisco_ios/cve202320186.py b/CVEasy/Cisco/2023/cisco_ios/cve202320186.py
@@ -13,8 +13,8 @@ def rule_cve202320186(configuration, commands, device, devices):
     """
     This rule checks for the CVE-2023-20186 vulnerability in Cisco IOS Software.
     The vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks.
-    An attacker with valid credentials and level 15 privileges could exploit this vulnerability by using 
-    SCP to connect to an affected device from an external machine, potentially allowing them to obtain 
+    An attacker with valid credentials and level 15 privileges could exploit this vulnerability by using
+    SCP to connect to an affected device from an external machine, potentially allowing them to obtain
     or change the configuration of the affected device.
     """
     # Extract the version information from the command output

Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,6 @@ def rule_cve202320081(configuration, commands, device, devices):`
`29`	`29`	`f"Device {device.name} is vulnerable to CVE-2023-20081. "`
`30`	`30`	`"The device has DHCPv6 client configured, "`
`31`	`31`	`"which could allow an attacker to cause a denial of service through crafted DHCPv6 messages. "`
`32`		`- "For more information,see"`
`33`		`- "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftdios-dhcpv6-cli-Zf3zTv"`
	`32`	`+ "For more information,see https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-"`
	`33`	`+ "sa-asaftdios-dhcpv6-cli-Zf3zTv"`
`34`	`34`	`)`