Improper Authentication in Remote Management System (RMS) - CVE-2023-32347

 

Published: May 15, 2023


Vulnerability identifier: #VU76151
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-32347
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Remote Management System (RMS)
Software vendor: TELTONIKA

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error when processing authentication requests. A remote attacker can obtain the serial number and MAC address of the device, bypass the authentication process and gain unauthorized access to the application.


Remediation

Install updates from the vendor's website.

External links