CVE-2023-4299

🗓️ 31 Aug 2023 20:45:43Reported by icscertType

Digi RealPort Protocol replay attack vulnerabilit

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-4299	1 Sep 202300:13	–	circl
CNNVD	Digi RealPort 安全漏洞	31 Aug 202300:00	–	cnnvd
Cvelist	CVE-2023-4299 Digi RealPort Protocol Use of Password Hash Instead of Password for Authentication	31 Aug 202320:45	–	cvelist
EUVD	EUVD-2023-54170	3 Oct 202520:07	–	euvd
ICS	Digi RealPort Protocol	31 Aug 202306:00	–	ics
NVD	CVE-2023-4299	31 Aug 202321:15	–	nvd
OSV	CVE-2023-4299	31 Aug 202321:15	–	osv
Prion	Authentication flaw	31 Aug 202321:15	–	prion
Positive Technologies	PT-2023-5295 · Digi · Digi Realport	31 Aug 202300:00	–	ptsecurity
Vulnrichment	CVE-2023-4299 Digi RealPort Protocol Use of Password Hash Instead of Password for Authentication	31 Aug 202320:45	–	vulnrichment

NVD

Vulners

Node

digi realportRange≤1.9-40linux

digi realportRange≤4.8.488.0windows

Node

digi connectport_ts_8/16_firmwareRange<2.26.2.4

AND

digi connectport_ts_8/16Match-

Node

digi passport_firmwareMatch-

AND

digi passportMatch-

Node

digi connectport_lts_8/16/32_firmwareRange<1.4.9

AND

digi connectport_lts_8/16/32Match-

Node

digi cm_firmwareMatch-

AND

digi cmMatch-

Node

digi portserver_ts_firmwareMatch-

AND

digi portserver_tsMatch-

Node

digi portserver_ts_mei_firmwareMatch-

AND

digi portserver_ts_meiMatch-

Node

digi portserver_ts_mei_hardened_firmwareMatch-

AND

digi portserver_ts_mei_hardenedMatch-

Node

digi portserver_ts_m_mei_firmwareMatch-

AND

digi portserver_ts_m_meiMatch-

Node

digi portserver_ts_p_mei_firmwareMatch-

AND

digi portserver_ts_p_meiMatch-

Node

digi one_iap_firmwareMatch-

AND

digi one_iapMatch-

Node

digi one_ia_firmwareMatch-

AND

digi one_iaMatch-

Node

digi one_sp_ia_firmwareMatch-

AND

digi one_sp_iaMatch-

Node

digi one_sp_firmwareMatch-

AND

digi one_spMatch-

Node

digi wr31_firmwareMatch-

AND

digi wr31Match-

Node

digi transport_wr11_xt_firmwareMatch-

AND

digi transport_wr11_xtMatch-

Node

digi wr44_r_firmwareMatch-

AND

digi wr44_rMatch-

Node

digi wr21_firmwareMatch-

AND

digi wr21Match-

Node

digi connect_es_firmwareRange<2.26.2.4

AND

digi connect_esMatch-

Node

digi connect_sp_firmwareMatch-

AND

digi connect_spMatch-

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Digi RealPort",
    "vendor": "Digi International ",
    "versions": [
      {
        "lessThanOrEqual": "4.8.488.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Digi RealPort",
    "vendor": "Digi International ",
    "versions": [
      {
        "lessThanOrEqual": "1.9-40",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi ConnectPort TS 8/16",
    "vendor": "Digi International ",
    "versions": [
      {
        "lessThan": "2.26.2.4",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi Passport Console Server",
    "vendor": "Digi International ",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi ConnectPort LTS 8/16/32",
    "vendor": "Digi International ",
    "versions": [
      {
        "lessThan": "1.4.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi CM Console Server",
    "vendor": "Digi International ",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi PortServer TS",
    "vendor": "Digi International ",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi PortServer TS MEI",
    "vendor": "Digi International ",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi PortServer TS MEI Hardened",
    "vendor": "Digi International ",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi PortServer TS M MEI",
    "vendor": "Digi International ",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi PortServer TS P MEI",
    "vendor": "Digi International ",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi One IAP Family",
    "vendor": "Digi International ",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi One IA",
    "vendor": "Digi International ",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi One SP IA",
    "vendor": "Digi International ",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi One SP",
    "vendor": "Digi International ",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi WR31",
    "vendor": "Digi International ",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi WR11 XT",
    "vendor": "Digi International ",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi WR44 R",
    "vendor": "Digi International ",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi WR21",
    "vendor": "Digi International ",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi Connect ES",
    "vendor": "Digi International ",
    "versions": [
      {
        "lessThan": "2.26.2.4",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi Connect SP",
    "vendor": "Digi International ",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi 6350-SR",
    "vendor": "Digi International ",
    "versions": [
      {
        "status": "unaffected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Digi ConnectCore 8X products",
    "vendor": "Digi International ",
    "versions": [
      {
        "status": "unaffected",
        "version": "all versions"
      }
    ]
  }
]

Source	Link
digi	www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-243-04

21 Nov 2024 08:34Current

8.4High risk

Vulners AI Score8.4

CVSS 3.18.1 - 9

EPSS0.0002

SSVC

CWE-836