Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-4299
HistoryAug 31, 2023 - 9:15 p.m.

CVE-2023-4299

2023-08-3121:15:09
CWE-836
[email protected]
web.nvd.nist.gov
5
cve-2023-4299
digi realport protocol
replay attack
authentication bypass
connected equipment

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.002

Percentile

54.0%

JSON

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

Affected configurations

Nvd
Node
digirealportRange1.9-40linux
OR
digirealportRange4.8.488.0windows
Node
digiconnectport_ts_8\/16Match-
AND
digiconnectport_ts_8\/16_firmwareRange<2.26.2.4
Node
digipassportMatch-
AND
digipassport_firmwareMatch-
Node
digiconnectport_lts_8\/16\/32_firmwareRange<1.4.9
AND
digiconnectport_lts_8\/16\/32Match-
Node
digicm_firmwareMatch-
AND
digicmMatch-
Node
digiportserver_ts_firmwareMatch-
AND
digiportserver_tsMatch-
Node
digiportserver_ts_mei_firmwareMatch-
AND
digiportserver_ts_meiMatch-
Node
digiportserver_ts_mei_hardened_firmwareMatch-
AND
digiportserver_ts_mei_hardenedMatch-
Node
digiportserver_ts_m_mei_firmwareMatch-
AND
digiportserver_ts_m_meiMatch-
Node
digiportserver_ts_p_mei_firmwareMatch-
AND
digiportserver_ts_p_meiMatch-
Node
digione_iap_firmwareMatch-
AND
digione_iapMatch-
Node
digione_ia_firmwareMatch-
AND
digione_iaMatch-
Node
digione_sp_ia_firmwareMatch-
AND
digione_sp_iaMatch-
Node
digione_sp_firmwareMatch-
AND
digione_spMatch-
Node
digiwr31_firmwareMatch-
AND
digiwr31Match-
Node
digitransport_wr11_xt_firmwareMatch-
AND
digitransport_wr11_xtMatch-
Node
digiwr44_r_firmwareMatch-
AND
digiwr44_rMatch-
Node
digiwr21_firmwareMatch-
AND
digiwr21Match-
Node
digiconnect_es_firmwareRange<2.26.2.4
AND
digiconnect_esMatch-
Node
digiconnect_sp_firmwareMatch-
AND
digiconnect_spMatch-
VendorProductVersionCPE
digirealport*cpe:2.3:a:digi:realport:*:*:*:*:*:linux:*:*
digirealport*cpe:2.3:a:digi:realport:*:*:*:*:*:windows:*:*
digiconnectport_ts_8\/16-cpe:2.3:h:digi:connectport_ts_8\/16:-:*:*:*:*:*:*:*
digiconnectport_ts_8\/16_firmware*cpe:2.3:o:digi:connectport_ts_8\/16_firmware:*:*:*:*:*:*:*:*
digipassport-cpe:2.3:h:digi:passport:-:*:*:*:*:*:*:*
digipassport_firmware-cpe:2.3:o:digi:passport_firmware:-:*:*:*:*:*:*:*
digiconnectport_lts_8\/16\/32_firmware*cpe:2.3:o:digi:connectport_lts_8\/16\/32_firmware:*:*:*:*:*:*:*:*
digiconnectport_lts_8\/16\/32-cpe:2.3:h:digi:connectport_lts_8\/16\/32:-:*:*:*:*:*:*:*
digicm_firmware-cpe:2.3:o:digi:cm_firmware:-:*:*:*:*:*:*:*
digicm-cpe:2.3:h:digi:cm:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 401

Related

cvelist 1
cve 1
ics 1
prion 1
cvelist
cvelist
CVE-2023-4299 Digi RealPort Protocol Use of Password Hash Instead of Password for Authentication
2023-08-31 20:45:43
cve
cve
CVE-2023-4299
2023-08-31 21:15:09
ics
ics
​Digi RealPort Protocol
2023-08-31 12:00:00
prion
prion
Authentication flaw
2023-08-31 21:15:00

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.002

Percentile

54.0%

JSON
Related for NVD:CVE-2023-4299
cvelist1cve1ics1prion1