8.8

CVE-2023-23773

EPSS 0.03%
Veröffentlicht 29.08.2023 09:15:09
Zuletzt bearbeitet 21.11.2024 07:46:48
Quelle cert@ncsc.nl
CVE-Watchlists
Login
Unerledigt
Login

Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Motorola ≫ Ebts Base Radio Firmware Versionr05.x2.57

Motorola ≫ Ebts Base Radio Version-

Motorola ≫ Mbts Base Radio Firmware Versionr05.x2.57

Motorola ≫ Mbts Base Radio Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.072

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cert@ncsc.nl	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://tetraburst.com/

Not Applicable

https://nvd.nist.gov/vuln/detail/CVE-2023-23773

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-23773

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-23773

EUVD