Lucene search

NCSC-NLCVELIST:CVE-2023-23773

HistoryAug 29, 2023 - 8:49 a.m.

CVE-2023-23773

2023-08-2908:49:00

CWE-347

NCSC-NL

www.cve.org

motorola

mbts base radio

firmware validation

code execution

secret key extraction

security vulnerability

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C/CR:H/IR:H/AR:M/MAV:N/MAC:L/MPR:H/MUI:N/MS:U/MC:H/MI:H/MA:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.

CNA Affected

[
  {
    "vendor": "Motorola",
    "product": "EBTS/MBTS Base Radio",
    "versions": [
      {
        "version": "R05.x2.57",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

tetraburst.com/

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C/CR:H/IR:H/AR:M/MAV:N/MAC:L/MPR:H/MUI:N/MS:U/MC:H/MI:H/MA:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Related for CVELIST:CVE-2023-23773