CVE-2023-29156 Vulnerability Details

  /     /     /  

CVE-2023-29156 Metadata Quick Info

CVE Published: 11/07/2023 | CVE Updated: 06/11/2024 | CVE Year: 2023
Source: Nozomi | Vendor: bluemark | Product: ds230
Status : PUBLISHED

---

CVE-2023-29156 Description

DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection. An attacker can exploit this vulnerability by injecting, at the right times, spoofed Open Drone ID (ODID) messages which force the DroneScout ds230 Remote ID receiver to drop real Remote ID (RID) information and, instead, generate and transmit JSON encoded MQTT messages containing crafted RID information. Consequently, the MQTT broker, typically operated by a system integrator, will have no access to the drones’ real RID information. This issue affects DroneScout ds230 in default configuration from firmware version 20211210-1627 through 20230329-1042.

Metrics

CVSS Version: 3.1 | Base Score: 4.7 MEDIUM
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* ADJACENT_NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* LOW
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-223
CWE Name: CWE-223: Omission of Security-relevant Information
Source: bluemark

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).