CVE-2023-5347

CVSS V2 None CVSS V3 None

Description

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.

Overview

CVE ID
CVE-2023-5347

Assigner
CyberDanube

Vulnerability Status
PUBLISHED

Published Version
2024-01-09T09:54:59.664Z

Last Modified Date
2024-01-09T10:02:52.603Z

Weakness Enumerations

CWE	URL
CWE-347	http://cwe.mitre.org/data/definitions/347.html

References

Reference URL	Reference Tags
https://www.beijerelectronics.com/en/support/Help___online?docId=69947
https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/
http://seclists.org/fulldisclosure/2024/Jan/11
http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-5347
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5347

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 05:19:11				Added to TrackCVE