We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-47611



AssignerKaspersky
Reserved2023-11-07
Published2023-11-10
Updated2024-08-02

Description

A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system.



HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Product status

Default status
unaffected

* before 2.000 ARN 01.001.08
affected

Default status
unaffected

* before 4.013 ARN 01.000.06
affected

Default status
unaffected

* before 4.000
affected

Default status
unaffected

* before 4.013 ARN 01.000.06
affected

Default status
unaffected

* before 2.000
affected

Default status
unaffected

* before 2.000 ARN 00.000.20
affected

Default status
unaffected

* before 3.001 ARN 00.000.49
affected

Default status
unaffected

* before 4.013 ARN 01.000.06
affected

Default status
unaffected

* before 4.013 ARN 01.000.06
affected

Default status
unaffected

* before 3.011 ARN 00.000.60
affected

Default status
unaffected

* before 4.013 ARN 01.000.06
affected

Default status
unaffected

* before 1.000
affected

Default status
unaffected

* before 1.004 ARN 00.003.01
affected

Default status
unaffected

* before 1.005 ARN 00.005.01
affected

Default status
unaffected

* before 1.000
affected

Default status
unaffected

* before 1.000 ARN 00.030.01
affected

Default status
unaffected

* before 1.000 ARN 00.032.02
affected

Default status
unaffected

* before 2.000 ARN 01.000.03
affected

Default status
unaffected

* before 2.000 ARN 01.000.03
affected

Default status
unaffected

* before 1.000 ARN 00.026.01
affected

Default status
unaffected

* before 1.000 ARN 00.032.02
affected

Default status
unaffected

* before 1.01 ARN 00.028.01
affected

Default status
unaffected

* before 2.012 ARN 01.000.05
affected

Default status
unaffected

* before 4.000
affected

Default status
unaffected

* before 4.000 ARN 01.000.05
affected

Default status
unaffected

* before 5.001 ARN 01.000.04
affected

Default status
unaffected

* before 5.012
affected

Default status
unaffected

* before 5.012 ARN 01.000.05
affected

Default status
unaffected

* before 3.001
affected

Default status
unaffected

* before 3.001 ARN 00.000.32
affected

Default status
unaffected

* before 4.013 ARN 01.000.06
affected

Default status
affected

Default status
affected

Default status
affected

Default status
unaffected

* before 2.01
affected

Default status
unaffected

* before 2.01 ARN 01.000.05
affected

Timeline

2023-02-21:Issue discovered by Kaspersky ICS CERT
2023-04-27:Confirmed by Telit Cinterion

Credits

Alexander Kozlov from Kaspersky finder

Sergey Anufrienko from Kaspersky finder

References

https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/ (KLCERT-22-216: Telit Cinterion (Thales/Gemalto) modules. Improper Privilege Management vulnerability) third-party-advisory

cve.org CVE-2023-47611

nvd.nist.gov CVE-2023-47611

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-47611
Support options

Helpdesk Telegram

Subscribe to our newsletter to learn more about our work.