CVE-2023-5347

Unauthenticated Firmware Upgrade

CVSS 9.8 CRITICALEPSS 1.3%CWE-327 CWE-347

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Korenix · JetNet Series

PoCs públicas encontradas — 1

cve_referencepacketstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.htmlno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/http://seclists.org/fulldisclosure/2024/Jan/11 https://www.beijerelectronics.com/en/support/Help___online?docId=69947