CVE-2023-47611

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-47611
A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/ Third Party Advisory
https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/ Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:telit:bgs5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:bgs5:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:telit:ehs5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs5:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:telit:ehs6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs6:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:telit:ehs8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs8:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:telit:pds5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds5:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:telit:pds6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds6:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:telit:pds8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds8:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:telit:els61_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:els61:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:telit:els81_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:els81:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:telit:pls62_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pls62:-:*:*:*:*:*:*:*
History

21 Nov 2024, 08:30

Type Values Removed Values Added
References () https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/ - Third Party Advisory () https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/ - Third Party Advisory

16 Nov 2023, 17:51

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
First Time Telit els81
Telit ehs6 Firmware
Telit pds8
Telit pds5 Firmware
Telit ehs8 Firmware
Telit bgs5
Telit pls62 Firmware
Telit els61 Firmware
Telit ehs5
Telit pds8 Firmware
Telit
Telit els81 Firmware
Telit pds5
Telit pls62
Telit els61
Telit pds6 Firmware
Telit ehs8
Telit bgs5 Firmware
Telit pds6
Telit ehs6
Telit ehs5 Firmware
CPE cpe:2.3:h:telit:ehs6:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs5:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:bgs5:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds6:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:els81_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:pds8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:pds6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs8:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:ehs5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:els81:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:pds5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds8:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pls62:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds5:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:bgs5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:pls62_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:els61:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:ehs6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:els61_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:ehs8_firmware:-:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
References () https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/ - () https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/ - Third Party Advisory
Information

Published : 2023-11-10 17:15

Updated : 2024-11-21 08:30

NVD link : CVE-2023-47611

Mitre link : CVE-2023-47611

CVE.ORG link : CVE-2023-47611

JSON object : View

Products Affected

telit

  • pds6
  • bgs5
  • pds6_firmware
  • ehs6
  • ehs8_firmware
  • els61
  • els61_firmware
  • els81_firmware
  • ehs6_firmware
  • pds5
  • ehs5
  • pls62
  • pds5_firmware
  • ehs5_firmware
  • pls62_firmware
  • bgs5_firmware
  • pds8_firmware
  • pds8
  • ehs8
  • els81
CWE
CWE-269

Improper Privilege Management

NVD-CWE-noinfo