9.8
CVE-2023-47610
- EPSS 2.78%
- Veröffentlicht 09.11.2023 17:15:08
- Zuletzt bearbeitet 21.11.2024 08:30:31
- Quelle vulnerability@kaspersky.com
- CVE-Watchlists
- Unerledigt
LoginA CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion EHS5/6/8 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Telit ≫ Bgs5 Firmware Version-
Telit ≫ Ehs5 Firmware Version-
Telit ≫ Ehs6 Firmware Version-
Telit ≫ Ehs8 Firmware Version-
Telit ≫ Pds5 Firmware Version-
Telit ≫ Pds6 Firmware Version-
Telit ≫ Pds8 Firmware Version-
Telit ≫ Els61 Firmware Version-
Telit ≫ Els81 Firmware Version-
Telit ≫ Pls62 Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.78% | 0.856 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| vulnerability@kaspersky.com | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.