CVE-2023-5347 Vulnerability Details

  /     /     /  

CVE-2023-5347 Metadata Quick Info

CVE Published: 09/01/2024 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: CyberDanube | Vendor: Korenix | Product: JetNet Series
Status : PUBLISHED

---

CVE-2023-5347 Description

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.

Metrics

CVSS Version: 3.1 | Base Score: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-347
CWE Name: CWE-347 Improper Verification of Cryptographic Signature
Source: Korenix

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-558
CAPEC Description: CAPEC-558 Replace Trusted Executable


Source: NVD (National Vulnerability Database).