5.5
CVE-2023-47615
- EPSS 0.21%
- Veröffentlicht 09.11.2023 13:15:07
- Zuletzt bearbeitet 21.11.2024 08:30:31
- Quelle vulnerability@kaspersky.com
- CVE-Watchlists
- Unerledigt
LoginA CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to a sensitive data on the targeted system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Telit ≫ Bgs5 Firmware Version-
Telit ≫ Ehs5 Firmware Version-
Telit ≫ Ehs6 Firmware Version-
Telit ≫ Ehs8 Firmware Version-
Telit ≫ Pds5 Firmware Version-
Telit ≫ Pds6 Firmware Version-
Telit ≫ Pds8 Firmware Version-
Telit ≫ Els61 Firmware Version-
Telit ≫ Els81 Firmware Version-
Telit ≫ Pls62 Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.104 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| vulnerability@kaspersky.com | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-526 Cleartext Storage of Sensitive Information in an Environment Variable
The product uses an environment variable to store unencrypted sensitive information.
https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-212-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-through-environmental-variables/