CVE-2023-47611

Published: Nov 10, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system.

Affected (10)

Products: Telit: Bgs5 Firmware, Ehs5 Firmware, Ehs6 Firmware, Ehs8 Firmware, Pds5 Firmware, Pds6 Firmware, Pds8 Firmware, Els61 Firmware, Els81 Firmware, Pls62 Firmware

10 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Telit Bgs5 Firmware	All versions

Running on/with	Platform Versions
Telit Bgs5	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Telit Ehs5 Firmware	All versions

Running on/with	Platform Versions
Telit Ehs5	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Telit Ehs6 Firmware	All versions

Running on/with	Platform Versions
Telit Ehs6	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Telit Ehs8 Firmware	All versions

Running on/with	Platform Versions
Telit Ehs8	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Telit Pds5 Firmware	All versions

Running on/with	Platform Versions
Telit Pds5	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Telit Pds6 Firmware	All versions

Running on/with	Platform Versions
Telit Pds6	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Telit Pds8 Firmware	All versions

Running on/with	Platform Versions
Telit Pds8	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Telit Els61 Firmware	All versions

Running on/with	Platform Versions
Telit Els61	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Telit Els81 Firmware	All versions

Running on/with	Platform Versions
Telit Els81	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Telit Pls62 Firmware	All versions

Running on/with	Platform Versions
Telit Pls62	All versions

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/

Source: vulnerability@kaspersky.com

Third Party Advisory

https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.