Lucene search

[email protected]CVE-2023-36611

HistoryJul 03, 2023 - 9:15 p.m.

CVE-2023-36611

2023-07-0321:15:10

CWE-285

[email protected]

web.nvd.nist.gov

cve-2023-36611

tbox

rtus

security tokens

ssh

privilege escalation

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens.

Affected configurations

NVD

Node

ovarrotbox_ms-cpu32_firmwareRange≤1.50.598

AND

ovarrotbox_ms-cpu32Match-

Node

ovarrotbox_ms-cpu32-s2_firmwareRange≤1.50.598

AND

ovarrotbox_ms-cpu32-s2Match-

Node

ovarrotbox_lt2_firmwareRange≤1.50.598

AND

ovarrotbox_lt2Match-

Node

ovarrotbox_tg2_firmwareRange≤1.50.598

AND

ovarrotbox_tg2Match-

Node

ovarrotbox_rm2_firmwareRange≤1.50.598

AND

ovarrotbox_rm2Match-

CPENameOperatorVersion
ovarro:tbox_ms-cpu32_firmwareovarro tbox ms-cpu32 firmwarele1.50.598

CPE	Name	Operator	Version
ovarro:tbox_ms-cpu32_firmware	ovarro tbox ms-cpu32 firmware	le	1.50.598

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "TBox MS-CPU32",
    "vendor": "Ovarro",
    "versions": [
      {
        "lessThanOrEqual": "1.50.598",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TBox MS-CPU32-S2",
    "vendor": "Ovarro",
    "versions": [
      {
        "lessThanOrEqual": "1.50.598",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TBox LT2",
    "vendor": "Ovarro",
    "versions": [
      {
        "lessThanOrEqual": "1.50.598",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TBox TG2",
    "vendor": "Ovarro",
    "versions": [
      {
        "lessThanOrEqual": "1.50.598",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TBox RM2",
    "vendor": "Ovarro",
    "versions": [
      {
        "lessThanOrEqual": "1.50.598",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-180-03

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

Related for CVE-2023-36611

prion1 cvelist1 nvd1 ics1