SB2023110910 - Multiple vulnerabilities in Telit Cinterion modules

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023110910

SB2023110910 - Multiple vulnerabilities in Telit Cinterion modules

Published: November 9, 2023 Updated: November 9, 2023

Security Bulletin ID SB2023110910
Severity
High
Patch available
NO
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 20% Low 80%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2023-47610)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can use a specially crafted SMS message, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Path traversal (CVE-ID: CVE-2023-47613)

The vulnerability allows a local user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A local user can send a specially crafted HTTP request and read/write arbitrary files on the system.


3) Files or Directories Accessible to External Parties (CVE-ID: CVE-2023-47612)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to files or directories accessible to external parties. An attacker with physical access can obtain a read/write access to any files and directories on the targeted system, including hidden files and directories.


4) Information disclosure (CVE-ID: CVE-2023-47616)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. An attacker with physical access can gain unauthorized access to sensitive information on the system.


5) Information disclosure (CVE-ID: CVE-2023-47615)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References