ГлавнаяУязвимости → CVE-2023-5347
9.8критическая

CVE-2023-5347

Описание

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.

Затрагиваемое ПО
Korenix Jetnet 5310g firmwareKorenix Jetnet 5310gKorenix Jetnet 4508 firmwareKorenix Jetnet 4508Korenix Jetnet 4508i-w firmwareKorenix Jetnet 4508i-wKorenix Jetnet 4508-w firmwareKorenix Jetnet 4508-wKorenix Jetnet 4508if-s firmwareKorenix Jetnet 4508if-sKorenix Jetnet 4508if-m firmwareKorenix Jetnet 4508if-mKorenix Jetnet 4508if-sw firmwareKorenix Jetnet 4508if-swKorenix Jetnet 4508if-mw firmwareKorenix Jetnet 4508if-mwKorenix Jetnet 4508f-m firmwareKorenix Jetnet 4508f-mKorenix Jetnet 4508f-s firmwareKorenix Jetnet 4508f-sKorenix Jetnet 4508f-mw firmwareKorenix Jetnet 4508f-mwKorenix Jetnet 4508f-sw firmwareKorenix Jetnet 4508f-swKorenix Jetnet 5620g-4c firmware
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.htmlhttp://seclists.org/fulldisclosure/2024/Jan/11https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/https://www.beijerelectronics.com/en/support/Help___online?docId=69947http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.htmlhttp://seclists.org/fulldisclosure/2024/Jan/11https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/https://www.beijerelectronics.com/en/support/Help___online?docId=69947