CVE-2023-47610

HIGH

8.1

Description

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion EHS5/6/8 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message.

Details CVE

Score CVSS v3.18.1

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteHIGH

Privileges requisNONE

Interaction utilisateurNONE

Publie11/9/2023

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

telit:bgs5telit:bgs5_firmwaretelit:ehs5telit:ehs5_firmwaretelit:ehs6telit:ehs6_firmwaretelit:ehs8telit:ehs8_firmwaretelit:els61telit:els61_firmwaretelit:els81telit:els81_firmwaretelit:pds5telit:pds5_firmwaretelit:pds6telit:pds6_firmwaretelit:pds8telit:pds8_firmwaretelit:pls62telit:pls62_firmware

Faiblesses (CWE)

CWE-120CWE-120

References

https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-23-018-telit-cinterion-thales-gemalto-modules-buffer-copy-without-checking-size-of-input-vulnerability/(vulnerability@kaspersky.com)

https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-23-018-telit-cinterion-thales-gemalto-modules-buffer-copy-without-checking-size-of-input-vulnerability/(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.