fkie_nvd - fkie_cve-2023-47611

fkie_cve-2023-47611

Vulnerability from fkie_nvd

Published

2023-11-10 17:15

Modified

2024-11-21 08:30

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system.

References

▶	URL	Tags
	vulnerability@kaspersky.com	https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/	Third Party Advisory

Impacted products

Vendor	Product	Version
telit	bgs5_firmware	-
telit	bgs5	-
telit	ehs5_firmware	-
telit	ehs5	-
telit	ehs6_firmware	-
telit	ehs6	-
telit	ehs8_firmware	-
telit	ehs8	-
telit	pds5_firmware	-
telit	pds5	-
telit	pds6_firmware	-
telit	pds6	-
telit	pds8_firmware	-
telit	pds8	-
telit	els61_firmware	-
telit	els61	-
telit	els81_firmware	-
telit	els81	-
telit	pls62_firmware	-
telit	pls62	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telit:bgs5_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "236A82FB-6772-43F5-BFE5-378A6F740A25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telit:bgs5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACE7A300-7A40-49FB-95A3-4F75796A6DB1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telit:ehs5_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C33F8018-2AA2-4AA2-B97A-FB848F5D1C06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telit:ehs5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E937F19-944A-4D76-AF25-488FD30FABBB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telit:ehs6_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEA2FCCD-752B-4DAB-8353-EF1B35AB143F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telit:ehs6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57219468-C424-43D0-98C0-A85A250AB733",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telit:ehs8_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C74BE72-65CB-4DF3-8AE3-EBCFCD640BFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telit:ehs8:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "691F7CF3-B36D-4440-A8A8-A4863FD5E828",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telit:pds5_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1969DA7-72FC-4981-A3D5-A7919AA5D774",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telit:pds5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F563DF9-B922-4FCF-8078-EA354F0ED5B5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telit:pds6_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "70E71C87-3011-43DB-ADB0-A926C7A8E87A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telit:pds6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB6E32F2-2723-43B9-A730-22BCF9D420B0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telit:pds8_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1418767F-34D5-41A0-82BB-BBA7575DD21D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telit:pds8:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F08EFD2-855A-498D-B88E-59414317BBFC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telit:els61_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B580262-9CF7-4FE4-99E6-F3486A498F10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telit:els61:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEEA5EE5-4F4A-4684-A15E-13AD8D553D3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telit:els81_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAAC546F-9F47-4AFC-93EF-9261BFCE9ECB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telit:els81:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE8E98E9-4BB6-48E5-89ED-420653101A2C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telit:pls62_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4647F52-2F3E-45F3-BD84-B54950A06AC8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telit:pls62:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3DBFD6-1C3D-4A8B-B458-E85DE4AF86BF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to \"manufacturer\" level on the targeted system."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad CWE-269: Gesti\u00f3n de Privilegios Inadecuada en Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 que podr\u00eda permitir a un atacante local con pocos privilegios elevar los privilegios al nivel de \"fabricante\" en el sistema de destino."
    }
  ],
  "id": "CVE-2023-47611",
  "lastModified": "2024-11-21T08:30:31.177",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "vulnerability@kaspersky.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-10T17:15:07.380",
  "references": [
    {
      "source": "vulnerability@kaspersky.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/"
    }
  ],
  "sourceIdentifier": "vulnerability@kaspersky.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "vulnerability@kaspersky.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2023-47611 (GCVE-0-2023-47611)

Vulnerability from cvelistv5

Published

2023-11-10 16:38

Modified

2024-08-02 21:09

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-269 - Improper Privilege Management

Summary

References

►

URL

Tags

https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/

third-party-advisory

Impacted products

Vendor

Product

Version

►

Telit Cinterion

BGS5

Version: * < 2.000 ARN 01.001.08

Telit Cinterion	EHS5-E	Version: * < 4.013 ARN 01.000.06
Telit Cinterion	EHS5-US	Version: * < 4.000
Telit Cinterion	EHS5-US Rel.4	Version: * < 4.013 ARN 01.000.06
Telit Cinterion	EHS6	Version: * < 2.000
Telit Cinterion	EHS6 Rel.2	Version: * < 2.000 ARN 00.000.20
Telit Cinterion	EHS6 Rel.3	Version: * < 3.001 ARN 00.000.49
Telit Cinterion	EHS6 Rel.4	Version: * < 4.013 ARN 01.000.06
Telit Cinterion	EHS6-A Rel.4	Version: * < 4.013 ARN 01.000.06
Telit Cinterion	EHS8	Version: * < 3.011 ARN 00.000.60
Telit Cinterion	EHS8 Rel.4	Version: * < 4.013 ARN 01.000.06
Telit Cinterion	ELS61-AUS	Version: * < 1.000
Telit Cinterion	ELS61-AUS Rel.1	Version: * < 1.004 ARN 00.003.01
Telit Cinterion	ELS61-AUS Rel.1 MR	Version: * < 1.005 ARN 00.005.01
Telit Cinterion	ELS61-E	Version: * < 1.000
Telit Cinterion	ELS61-E Rel.1	Version: * < 1.000 ARN 00.030.01
Telit Cinterion	ELS61-E Rel.1 MR	Version: * < 1.000 ARN 00.032.02
Telit Cinterion	ELS61-E Rel.2	Version: * < 2.000 ARN 01.000.03
Telit Cinterion	ELS61-E Rel.2	Version: * < 2.000 ARN 01.000.03
Telit Cinterion	ELS61-E2 Rel.1	Version: * < 1.000 ARN 00.026.01
Telit Cinterion	ELS61-E2 Rel.1 MR	Version: * < 1.000 ARN 00.032.02
Telit Cinterion	ELS61-US Rel.1 MR	Version: * < 1.01 ARN 00.028.01
Telit Cinterion	ELS61-US Rel.2	Version: * < 2.012 ARN 01.000.05
Telit Cinterion	ELS81-E	Version: * < 4.000
Telit Cinterion	ELS81-E Rel.1	Version: * < 4.000 ARN 01.000.05
Telit Cinterion	ELS81-E Rel.1.1	Version: * < 5.001 ARN 01.000.04
Telit Cinterion	ELS81-US	Version: * < 5.012
Telit Cinterion	ELS81-US Rel.1.1	Version: * < 5.012 ARN 01.000.05
Telit Cinterion	PDS5-E	Version: * < 3.001
Telit Cinterion	PDS5-E Rel.1	Version: * < 3.001 ARN 00.000.32
Telit Cinterion	PDS5-E Rel.4	Version: * < 4.013 ARN 01.000.06
Telit Cinterion	PDS5-US
Telit Cinterion	PDS6
Telit Cinterion	PDS8
Telit Cinterion	PLS62-W	Version: * < 2.01
Telit Cinterion	PLS62-W Rel.1	Version: * < 2.01 ARN 01.000.05

Show details on NVD website