Assigner | Kaspersky |
Reserved | 2023-11-07 |
Published | 2023-11-10 |
Updated | 2024-08-02 |
Description
A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system.
HIGH: 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Product status
Default status
unaffected
* before 2.000 ARN 01.001.08
affected
Default status
unaffected
* before 4.013 ARN 01.000.06
affected
Default status
unaffected
* before 4.000
affected
Default status
unaffected
* before 4.013 ARN 01.000.06
affected
Default status
unaffected
* before 2.000
affected
Default status
unaffected
* before 2.000 ARN 00.000.20
affected
Default status
unaffected
* before 3.001 ARN 00.000.49
affected
Default status
unaffected
* before 4.013 ARN 01.000.06
affected
Default status
unaffected
* before 4.013 ARN 01.000.06
affected
Default status
unaffected
* before 3.011 ARN 00.000.60
affected
Default status
unaffected
* before 4.013 ARN 01.000.06
affected
Default status
unaffected
* before 1.000
affected
Default status
unaffected
* before 1.004 ARN 00.003.01
affected
Default status
unaffected
* before 1.005 ARN 00.005.01
affected
Default status
unaffected
* before 1.000
affected
Default status
unaffected
* before 1.000 ARN 00.030.01
affected
Default status
unaffected
* before 1.000 ARN 00.032.02
affected
Default status
unaffected
* before 2.000 ARN 01.000.03
affected
Default status
unaffected
* before 2.000 ARN 01.000.03
affected
Default status
unaffected
* before 1.000 ARN 00.026.01
affected
Default status
unaffected
* before 1.000 ARN 00.032.02
affected
Default status
unaffected
* before 1.01 ARN 00.028.01
affected
Default status
unaffected
* before 2.012 ARN 01.000.05
affected
Default status
unaffected
* before 4.000
affected
Default status
unaffected
* before 4.000 ARN 01.000.05
affected
Default status
unaffected
* before 5.001 ARN 01.000.04
affected
Default status
unaffected
* before 5.012
affected
Default status
unaffected
* before 5.012 ARN 01.000.05
affected
Default status
unaffected
* before 3.001
affected
Default status
unaffected
* before 3.001 ARN 00.000.32
affected
Default status
unaffected
* before 4.013 ARN 01.000.06
affected
Default status
affected
Default status
affected
Default status
affected
Default status
unaffected
* before 2.01
affected
Default status
unaffected
* before 2.01 ARN 01.000.05
affected
Timeline
2023-02-21: | Issue discovered by Kaspersky ICS CERT |
2023-04-27: | Confirmed by Telit Cinterion |
Credits
Alexander Kozlov from Kaspersky finder
Sergey Anufrienko from Kaspersky finder
References
https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/ (KLCERT-22-216: Telit Cinterion (Thales/Gemalto) modules. Improper Privilege Management vulnerability) third-party-advisory
cve.org CVE-2023-47611
nvd.nist.gov CVE-2023-47611
Download JSON
Share this page
https://cve.threatint.com/CVE/CVE-2023-47611
Subscribe to our newsletter to learn more about our work.