Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley Stratix 5200 Firmware CVE-2023-20198 CVE-2023-21098

Name: Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley Stratix 5200 Firmware CVE-2023-20198 CVE-2023-21098
Rating: 5 (283 reviews)

2023-10-20 | CVSS 10.0

## https://sploitus.com/exploit?id=88C057FF-83B5-5F1C-9BCF-8D6786985276
# cve-2023-20198
## Description.
1vere$k POC on the CVE-2023-20198 based on the [Blog](https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/).  Also including a check on hexademical response according to the original [Cisco article](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z).

The script works in the two modes:  
 * `check` mode which is just makes a connection for the particular URL and checks a response code. If it is 200OK and in the same time response is less then 32 symbols it is a ***possibility*** your device is compromised.
 * `exploit` mode. For the particular one you should define username, password, compromised configuration.
 * added http/https schemas support as recommended in the Cisco article.
 * for getting help just use `-h` flag.
## Example:
```
git clone https://github.com/iveresk/cve-2023-20198.git
cd cve-2023-21098
pip install -r requirements.txt
python3 cve-2023-21098.py -m check -s https -t <target>

For the help:
python3 cve-2023-21098.py -h
```
## Contact
You are free to contact me via [Keybase](https://keybase.io/1veresk) for any details.