9.8

CVE-2023-5347

Exploit

EPSS 0.22%
Published 09.01.2024 10:15:22
Last modified 21.11.2024 08:41:34
Source office@cyberdanube.com
Teams watchlist Login
Open Login

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Korenix ≫ Jetnet 5310g Firmware Version2.6

Korenix ≫ Jetnet 5310g Version-

Korenix ≫ Jetnet 4508 Firmware Version2.3

Korenix ≫ Jetnet 4508 Version-

Korenix ≫ Jetnet 4508i-w Firmware Version1.3

Korenix ≫ Jetnet 4508i-w Version-

Korenix ≫ Jetnet 4508-w Firmware Version2.3

Korenix ≫ Jetnet 4508-w Version-

Korenix ≫ Jetnet 4508if-s Firmware Version1.3

Korenix ≫ Jetnet 4508if-s Version-

Korenix ≫ Jetnet 4508if-m Firmware Version1.3

Korenix ≫ Jetnet 4508if-m Version-

Korenix ≫ Jetnet 4508if-sw Firmware Version1.3

Korenix ≫ Jetnet 4508if-sw Version-

Korenix ≫ Jetnet 4508if-mw Firmware Version1.3

Korenix ≫ Jetnet 4508if-mw Version-

Korenix ≫ Jetnet 4508f-m Firmware Version2.3

Korenix ≫ Jetnet 4508f-m Version-

Korenix ≫ Jetnet 4508f-s Firmware Version2.3

Korenix ≫ Jetnet 4508f-s Version-

Korenix ≫ Jetnet 4508f-mw Firmware Version2.3

Korenix ≫ Jetnet 4508f-mw Version-

Korenix ≫ Jetnet 4508f-sw Firmware Version2.3

Korenix ≫ Jetnet 4508f-sw Version-

Korenix ≫ Jetnet 5620g-4c Firmware Version1.1

Korenix ≫ Jetnet 5620g-4c Version-

Korenix ≫ Jetnet 5612gp-4f Firmware Version1.2

Korenix ≫ Jetnet 5612gp-4f Version-

Korenix ≫ Jetnet 5612g-4f Firmware Version1.2

Korenix ≫ Jetnet 5612g-4f Version-

Korenix ≫ Jetnet 5728g-24p-ac-2dc-us Firmware Version2.1

Korenix ≫ Jetnet 5728g-24p-ac-2dc-us Version-

Korenix ≫ Jetnet 5728g-24p-ac-2dc-eu Firmware Version2.1

Korenix ≫ Jetnet 5728g-24p-ac-2dc-eu Version-

Korenix ≫ Jetnet 6528gf-2ac-eu Firmware Version1.0

Korenix ≫ Jetnet 6528gf-2ac-eu Version-

Korenix ≫ Jetnet 6528gf-2ac-us Firmware Version1.0

Korenix ≫ Jetnet 6528gf-2ac-us Version-

Korenix ≫ Jetnet 6528gf-2dc24 Firmware Version1.0

Korenix ≫ Jetnet 6528gf-2dc24 Version-

Korenix ≫ Jetnet 6528gf-2dc48 Firmware Version1.0

Korenix ≫ Jetnet 6528gf-2dc48 Version-

Korenix ≫ Jetnet 6528gf-ac-eu Firmware Version1.0

Korenix ≫ Jetnet 6528gf-ac-eu Version-

Korenix ≫ Jetnet 6528gf-ac-us Firmware Version1.0

Korenix ≫ Jetnet 6528gf-ac-us Version-

Korenix ≫ Jetnet 6628xp-4f-us Firmware Version1.1

Korenix ≫ Jetnet 6628xp-4f-us Version-

Korenix ≫ Jetnet 6628x-4f-eu Firmware Version1.0

Korenix ≫ Jetnet 6628x-4f-eu Version-

Korenix ≫ Jetnet 6728g-24p-ac-2dc-us Firmware Version1.1

Korenix ≫ Jetnet 6728g-24p-ac-2dc-us Version-

Korenix ≫ Jetnet 6728g-24p-ac-2dc-eu Firmware Version1.1

Korenix ≫ Jetnet 6728g-24p-ac-2dc-eu Version-

Korenix ≫ Jetnet 6828gf-2dc48 Firmware Version1.0

Korenix ≫ Jetnet 6828gf-2dc48 Version-

Korenix ≫ Jetnet 6828gf-2dc24 Firmware Version1.0

Korenix ≫ Jetnet 6828gf-2dc24 Version-

Korenix ≫ Jetnet 6828gf-ac-dc24-us Firmware Version1.0

Korenix ≫ Jetnet 6828gf-ac-dc24-us Version-

Korenix ≫ Jetnet 6828gf-2ac-us Firmware Version1.0

Korenix ≫ Jetnet 6828gf-2ac-us Version-

Korenix ≫ Jetnet 6828gf-ac-us Firmware Version1.0

Korenix ≫ Jetnet 6828gf-ac-us Version-

Korenix ≫ Jetnet 6828gf-2ac-au Firmware Version1.0

Korenix ≫ Jetnet 6828gf-2ac-au Version-

Korenix ≫ Jetnet 6828gf-ac-dc24-eu Firmware Version1.0

Korenix ≫ Jetnet 6828gf-ac-dc24-eu Version-

Korenix ≫ Jetnet 6828gf-2ac-eu Firmware Version1.0

Korenix ≫ Jetnet 6828gf-2ac-eu Version-

Korenix ≫ Jetnet 6910g-m12 Hvdc Firmware Version1.0

Korenix ≫ Jetnet 6910g-m12 Hvdc Version-

Korenix ≫ Jetnet 7310g-v2 Firmware Version1.0

Korenix ≫ Jetnet 7310g-v2 Version-

Korenix ≫ Jetnet 7628xp-4f-us Firmware Version1.0

Korenix ≫ Jetnet 7628xp-4f-us Version-

Korenix ≫ Jetnet 7628xp-4f-us Firmware Version1.1

Korenix ≫ Jetnet 7628xp-4f-us Version-

Korenix ≫ Jetnet 7628xp-4f-eu Firmware Version1.0

Korenix ≫ Jetnet 7628xp-4f-eu Version-

Korenix ≫ Jetnet 7628xp-4f-eu Firmware Version1.1

Korenix ≫ Jetnet 7628xp-4f-eu Version-

Korenix ≫ Jetnet 7628x-4f-us Firmware Version1.0

Korenix ≫ Jetnet 7628x-4f-us Version-

Korenix ≫ Jetnet 7628x-4f-eu Firmware Version1.0

Korenix ≫ Jetnet 7628x-4f-eu Version-

Korenix ≫ Jetnet 7714g-m12 Hvdc Firmware Version1.0

Korenix ≫ Jetnet 7714g-m12 Hvdc Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.22%	0.447

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
office@cyberdanube.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html

Third Party Advisory

Exploit

VDB Entry

http://seclists.org/fulldisclosure/2024/Jan/11

Third Party Advisory

Exploit

Mailing List

https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/

Third Party Advisory

Exploit

https://www.beijerelectronics.com/en/support/Help___online?docId=69947

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-5347

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-5347

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-5347

EUVD