History: Jan 09, 2024 - 9:54 a.m.

CVE-2023-5347 Unauthenticated Firmware Upgrade

2024-01-09 09:54:59
CWE-347
CyberDanube
www.cve.org
cve-2023-5347
unauthenticated
firmware upgrade
korenix jetnet series
improper verification
cryptographic signature
trusted executables
vulnerability
update process
operating system

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.7
Confidence: High

EPSS: 0.002
Percentile: 58.3%

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "JetNet Series",
    "vendor": "Korenix",
    "versions": [
      {
        "status": "affected",
        "version": "firmware older than 2024/01"
      }
    ]
  }
]
