CVE-2023-23772

EPSS 0.03%
Veröffentlicht 29.08.2023 09:15:09
Zuletzt bearbeitet 21.11.2024 07:46:47
Quelle cert@ncsc.nl
Teams Watchlist Login
Unerledigt Login

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Motorola ≫ Mbts Site Controller Firmware Versionr05.32.58

Motorola ≫ Mbts Site Controller Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.065

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cert@ncsc.nl	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://tetraburst.com/

Not Applicable

https://nvd.nist.gov/vuln/detail/CVE-2023-23772

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-23772

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-23772

EUVD