Vulnerabilities related to Korenix - JetNet Series
CVE-2023-5376 (GCVE-0-2023-5376)
Vulnerability from cvelistv5
Published
2024-01-09 09:44
Modified
2025-02-13 17:20
CWE
  • CWE-287 - Improper Authentication
Summary
An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.
Impacted products
Vendor Product Version
Korenix JetNet Series Version: firmware older than 2024/01


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:59:44.243Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.beijerelectronics.com/en/support/Help___online?docId=69947"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5376",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-14T15:27:48.719387Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-14T15:28:15.974Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "JetNet Series",
          "vendor": "Korenix",
          "versions": [
            {
              "status": "affected",
              "version": "firmware older than 2024/01"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "S. Dietz (CyberDanube)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects JetNet devices older than firmware version 2024/01.\u003c/span\u003e"
            }
          ],
          "value": "An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service.\u00a0This issue affects JetNet devices older than firmware version 2024/01."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-114",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-114 Authentication Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-15T08:06:20.588Z",
        "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "shortName": "CyberDanube"
      },
      "references": [
        {
          "url": "https://www.beijerelectronics.com/en/support/Help___online?docId=69947"
        },
        {
          "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/11"
        },
        {
          "url": "http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "TFTP Without Authentication",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "See:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.beijerelectronics.com/en/support/Help___online?docId=69947\"\u003ehttps://www.beijerelectronics.com/en/support/Help___online?docId=69947\u003c/a\u003e\u003cbr\u003e"
            }
          ],
          "value": "See:\u00a0 https://www.beijerelectronics.com/en/support/Help___online?docId=69947 https://www.beijerelectronics.com/en/support/Help___online"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
    "assignerShortName": "CyberDanube",
    "cveId": "CVE-2023-5376",
    "datePublished": "2024-01-09T09:44:18.108Z",
    "dateReserved": "2023-10-04T09:30:19.108Z",
    "dateUpdated": "2025-02-13T17:20:11.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-5347 (GCVE-0-2023-5347)
Vulnerability from cvelistv5
Published
2024-01-09 09:54
Modified
2025-06-03 14:33
Severity: 9.8 CRITICAL (CVSS 3.1)
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Summary
An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.
Impacted products
Vendor Product Version
Korenix JetNet Series Version: firmware older than 2024/01


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:52:08.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.beijerelectronics.com/en/support/Help___online?docId=69947"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jan/11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5347",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T15:33:17.516940Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-03T14:33:02.608Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "JetNet Series",
          "vendor": "Korenix",
          "versions": [
            {
              "status": "affected",
              "version": "firmware older than 2024/01"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "S. Dietz (CyberDanube)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects JetNet devices older than firmware version 2024/01.\u003c/span\u003e"
            }
          ],
          "value": "An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables.\u00a0This issue affects JetNet devices older than firmware version 2024/01."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-558",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-558 Replace Trusted Executable"
            }
          ]
        },
        {
          "capecId": "CAPEC-552",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-552 Install Rootkit"
            }
          ]
        },
        {
          "capecId": "CAPEC-642",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-642 Replace Binaries"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347 Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-15T08:06:18.960Z",
        "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "shortName": "CyberDanube"
      },
      "references": [
        {
          "url": "https://www.beijerelectronics.com/en/support/Help___online?docId=69947"
        },
        {
          "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jan/11"
        },
        {
          "url": "http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Unauthenticated Firmware Upgrade",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "See:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.beijerelectronics.com/en/support/Help___online?docId=69947\"\u003ehttps://www.beijerelectronics.com/en/support/Help___online?docId=69947\u003c/a\u003e"
            }
          ],
          "value": "See:\u00a0 https://www.beijerelectronics.com/en/support/Help___online?docId=69947 https://www.beijerelectronics.com/en/support/Help___online"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
    "assignerShortName": "CyberDanube",
    "cveId": "CVE-2023-5347",
    "datePublished": "2024-01-09T09:54:59.664Z",
    "dateReserved": "2023-10-03T08:11:00.343Z",
    "dateUpdated": "2025-06-03T14:33:02.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}