Lucene search

CyberDanubeCVE-2023-5347

HistoryJan 09, 2024 - 10:15 a.m.

CVE-2023-5347

2024-01-0910:15:22

CWE-347

CyberDanube

web.nvd.nist.gov

cve-2023-5347

vulnerability

cryptographic signature

korenix jetnet series

update process

trusted executables

nvd

firmware

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.002

Percentile

58.3%

JSON

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.

Affected configurations

Nvd

Node

korenixjetnet_5310g_firmwareMatch2.6

AND

korenixjetnet_5310gMatch-

Node

korenixjetnet_4508_firmwareMatch2.3

AND

korenixjetnet_4508Match-

Node

korenixjetnet_4508i-w_firmwareMatch1.3

AND

korenixjetnet_4508i-wMatch-

Node

korenixjetnet_4508-w_firmwareMatch2.3

AND

korenixjetnet_4508-wMatch-

Node

korenixjetnet_4508if-s_firmwareMatch1.3

AND

korenixjetnet_4508if-sMatch-

Node

korenixjetnet_4508if-m_firmwareMatch1.3

AND

korenixjetnet_4508if-mMatch-

Node

korenixjetnet_4508if-sw_firmwareMatch1.3

AND

korenixjetnet_4508if-swMatch-

Node

korenixjetnet_4508if-mw_firmwareMatch1.3

AND

korenixjetnet_4508if-mwMatch-

Node

korenixjetnet_4508f-m_firmwareMatch2.3

AND

korenixjetnet_4508f-mMatch-

Node

korenixjetnet_4508f-s_firmwareMatch2.3

AND

korenixjetnet_4508f-sMatch-

Node

korenixjetnet_4508f-mw_firmwareMatch2.3

AND

korenixjetnet_4508f-mwMatch-

Node

korenixjetnet_4508f-sw_firmwareMatch2.3

AND

korenixjetnet_4508f-swMatch-

Node

korenixjetnet_5620g-4c_firmwareMatch1.1

AND

korenixjetnet_5620g-4cMatch-

Node

korenixjetnet_5612gp-4f_firmwareMatch1.2

AND

korenixjetnet_5612gp-4fMatch-

Node

korenixjetnet_5612g-4f_firmwareMatch1.2

AND

korenixjetnet_5612g-4fMatch-

Node

korenixjetnet_5728g-24p-ac-2dc-us_firmwareMatch2.1

AND

korenixjetnet_5728g-24p-ac-2dc-usMatch-

Node

korenixjetnet_5728g-24p-ac-2dc-eu_firmwareMatch2.1

AND

korenixjetnet_5728g-24p-ac-2dc-euMatch-

Node

korenixjetnet_6528gf-2ac-eu_firmwareMatch1.0

AND

korenixjetnet_6528gf-2ac-euMatch-

Node

korenixjetnet_6528gf-2ac-us_firmwareMatch1.0

AND

korenixjetnet_6528gf-2ac-usMatch-

Node

korenixjetnet_6528gf-2dc24_firmwareMatch1.0

AND

korenixjetnet_6528gf-2dc24Match-

Node

korenixjetnet_6528gf-2dc48_firmwareMatch1.0

AND

korenixjetnet_6528gf-2dc48Match-

Node

korenixjetnet_6528gf-ac-eu_firmwareMatch1.0

AND

korenixjetnet_6528gf-ac-euMatch-

Node

korenixjetnet_6528gf-ac-us_firmwareMatch1.0

AND

korenixjetnet_6528gf-ac-usMatch-

Node

korenixjetnet_6628xp-4f-us_firmwareMatch1.1

AND

korenixjetnet_6628xp-4f-usMatch-

Node

korenixjetnet_6628x-4f-eu_firmwareMatch1.0

AND

korenixjetnet_6628x-4f-euMatch-

Node

korenixjetnet_6728g-24p-ac-2dc-us_firmwareMatch1.1

AND

korenixjetnet_6728g-24p-ac-2dc-usMatch-

Node

korenixjetnet_6728g-24p-ac-2dc-eu_firmwareMatch1.1

AND

korenixjetnet_6728g-24p-ac-2dc-euMatch-

Node

korenixjetnet_6828gf-2dc48_firmwareMatch1.0

AND

korenixjetnet_6828gf-2dc48Match-

Node

korenixjetnet_6828gf-2dc24_firmwareMatch1.0

AND

korenixjetnet_6828gf-2dc24Match-

Node

korenixjetnet_6828gf-ac-dc24-us_firmwareMatch1.0

AND

korenixjetnet_6828gf-ac-dc24-usMatch-

Node

korenixjetnet_6828gf-2ac-us_firmwareMatch1.0

AND

korenixjetnet_6828gf-2ac-usMatch-

Node

korenixjetnet_6828gf-ac-us_firmwareMatch1.0

AND

korenixjetnet_6828gf-ac-usMatch-

Node

korenixjetnet_6828gf-2ac-au_firmwareMatch1.0

AND

korenixjetnet_6828gf-2ac-auMatch-

Node

korenixjetnet_6828gf-ac-dc24-eu_firmwareMatch1.0

AND

korenixjetnet_6828gf-ac-dc24-euMatch-

Node

korenixjetnet_6828gf-2ac-eu_firmwareMatch1.0

AND

korenixjetnet_6828gf-2ac-euMatch-

Node

korenixjetnet_6910g-m12_hvdc_firmwareMatch1.0

AND

korenixjetnet_6910g-m12_hvdcMatch-

Node

korenixjetnet_7310g-v2_firmwareMatch1.0

AND

korenixjetnet_7310g-v2Match-

Node

korenixjetnet_7628xp-4f-us_firmwareMatch1.0

AND

korenixjetnet_7628xp-4f-usMatch-

Node

korenixjetnet_7628xp-4f-us_firmwareMatch1.1

AND

korenixjetnet_7628xp-4f-usMatch-

Node

korenixjetnet_7628xp-4f-eu_firmwareMatch1.0

AND

korenixjetnet_7628xp-4f-euMatch-

Node

korenixjetnet_7628xp-4f-eu_firmwareMatch1.1

AND

korenixjetnet_7628xp-4f-euMatch-

Node

korenixjetnet_7628x-4f-us_firmwareMatch1.0

AND

korenixjetnet_7628x-4f-usMatch-

Node

korenixjetnet_7628x-4f-eu_firmwareMatch1.0

AND

korenixjetnet_7628x-4f-euMatch-

Node

korenixjetnet_7714g-m12_hvdc_firmwareMatch1.0

AND

korenixjetnet_7714g-m12_hvdcMatch-

VendorProductVersionCPE
korenixjetnet_5310g_firmware2.6cpe:2.3:o:korenix:jetnet_5310g_firmware:2.6:*:*:*:*:*:*:*
korenixjetnet_5310g-cpe:2.3:h:korenix:jetnet_5310g:-:*:*:*:*:*:*:*
korenixjetnet_4508_firmware2.3cpe:2.3:o:korenix:jetnet_4508_firmware:2.3:*:*:*:*:*:*:*
korenixjetnet_4508-cpe:2.3:h:korenix:jetnet_4508:-:*:*:*:*:*:*:*
korenixjetnet_4508i-w_firmware1.3cpe:2.3:o:korenix:jetnet_4508i-w_firmware:1.3:*:*:*:*:*:*:*
korenixjetnet_4508i-w-cpe:2.3:h:korenix:jetnet_4508i-w:-:*:*:*:*:*:*:*
korenixjetnet_4508-w_firmware2.3cpe:2.3:o:korenix:jetnet_4508-w_firmware:2.3:*:*:*:*:*:*:*
korenixjetnet_4508-w-cpe:2.3:h:korenix:jetnet_4508-w:-:*:*:*:*:*:*:*
korenixjetnet_4508if-s_firmware1.3cpe:2.3:o:korenix:jetnet_4508if-s_firmware:1.3:*:*:*:*:*:*:*
korenixjetnet_4508if-s-cpe:2.3:h:korenix:jetnet_4508if-s:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
korenix	jetnet_5310g_firmware	2.6	cpe:2.3:o:korenix:jetnet_5310g_firmware:2.6:::::::*
korenix	jetnet_5310g	-	cpe:2.3:h:korenix:jetnet_5310g:-:::::::*
korenix	jetnet_4508_firmware	2.3	cpe:2.3:o:korenix:jetnet_4508_firmware:2.3:::::::*
korenix	jetnet_4508	-	cpe:2.3:h:korenix:jetnet_4508:-:::::::*
korenix	jetnet_4508i-w_firmware	1.3	cpe:2.3:o:korenix:jetnet_4508i-w_firmware:1.3:::::::*
korenix	jetnet_4508i-w	-	cpe:2.3:h:korenix:jetnet_4508i-w:-:::::::*
korenix	jetnet_4508-w_firmware	2.3	cpe:2.3:o:korenix:jetnet_4508-w_firmware:2.3:::::::*
korenix	jetnet_4508-w	-	cpe:2.3:h:korenix:jetnet_4508-w:-:::::::*
korenix	jetnet_4508if-s_firmware	1.3	cpe:2.3:o:korenix:jetnet_4508if-s_firmware:1.3:::::::*
korenix	jetnet_4508if-s	-	cpe:2.3:h:korenix:jetnet_4508if-s:-:::::::*

Rows per page:

1-10 of 861

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "JetNet Series",
    "vendor": "Korenix",
    "versions": [
      {
        "status": "affected",
        "version": "firmware older than 2024/01"
      }
    ]
  }
]

References

packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html

seclists.org/fulldisclosure/2024/Jan/11

cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/

www.beijerelectronics.com/en/support/Help___online?docId=69947

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.002

Percentile

58.3%

JSON

Related for CVE-2023-5347