CVE-2023-23772

Published: Aug 29, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.

Affected (1)

Products: Motorola: Mbts Site Controller Firmware

1 product

Mbts Site Controller Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Motorola Mbts Site Controller Firmware	Version r05.32.58

Running on/with	Platform Versions
Motorola Mbts Site Controller	All versions

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://tetraburst.com/

Source: cert@ncsc.nl

Not Applicable

https://tetraburst.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

Timeline

No history available yet.