Description
A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system.
Reserved 2023-11-07 | Published 2023-11-10 | Updated 2024-08-02 | Assigner Kaspersky
HIGH: 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Problem types
CWE-269: Improper Privilege Management
Product status
Default status
unaffected
* before 2.000 ARN 01.001.08
affected
Default status
unaffected
* before 4.013 ARN 01.000.06
affected
Default status
unaffected
* before 4.000
affected
Default status
unaffected
* before 4.013 ARN 01.000.06
affected
Default status
unaffected
* before 2.000
affected
Default status
unaffected
* before 2.000 ARN 00.000.20
affected
Default status
unaffected
* before 3.001 ARN 00.000.49
affected
Default status
unaffected
* before 4.013 ARN 01.000.06
affected
Default status
unaffected
* before 4.013 ARN 01.000.06
affected
Default status
unaffected
* before 3.011 ARN 00.000.60
affected
Default status
unaffected
* before 4.013 ARN 01.000.06
affected
Default status
unaffected
* before 1.000
affected
Default status
unaffected
* before 1.004 ARN 00.003.01
affected
Default status
unaffected
* before 1.005 ARN 00.005.01
affected
Default status
unaffected
* before 1.000
affected
Default status
unaffected
* before 1.000 ARN 00.030.01
affected
Default status
unaffected
* before 1.000 ARN 00.032.02
affected
Default status
unaffected
* before 2.000 ARN 01.000.03
affected
Default status
unaffected
* before 2.000 ARN 01.000.03
affected
Default status
unaffected
* before 1.000 ARN 00.026.01
affected
Default status
unaffected
* before 1.000 ARN 00.032.02
affected
Default status
unaffected
* before 1.01 ARN 00.028.01
affected
Default status
unaffected
* before 2.012 ARN 01.000.05
affected
Default status
unaffected
* before 4.000
affected
Default status
unaffected
* before 4.000 ARN 01.000.05
affected
Default status
unaffected
* before 5.001 ARN 01.000.04
affected
Default status
unaffected
* before 5.012
affected
Default status
unaffected
* before 5.012 ARN 01.000.05
affected
Default status
unaffected
* before 3.001
affected
Default status
unaffected
* before 3.001 ARN 00.000.32
affected
Default status
unaffected
* before 4.013 ARN 01.000.06
affected
Default status
affected
Default status
affected
Default status
affected
Default status
unaffected
* before 2.01
affected
Default status
unaffected
* before 2.01 ARN 01.000.05
affected
Timeline
2023-02-21: Issue discovered by Kaspersky ICS CERT
2023-04-27: Confirmed by Telit Cinterion
Credits
Alexander Kozlov from Kaspersky (finder)
Sergey Anufrienko from Kaspersky (finder)
References
ics-cert.kaspersky.com/...rivilege-management-vulnerability/ (KLCERT-22-216: Telit Cinterion (Thales/Gemalto) modules. Improper Privilege Management vulnerability) third-party-advisory
cve.org (CVE-2023-47611)
nvd.nist.gov (CVE-2023-47611)