Details of VAR-202305-2096

ID

VAR-202305-2096

CVE

CVE-2023-32349

TITLE

plural teltonika-networks Vulnerabilities related to external control of system configuration or settings in the product

Trust: 0.8

sources: JVNDB: JVNDB-2023-007331

DESCRIPTION

Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution. rut200 firmware, rut240 firmware, rut241 firmware etc. teltonika-networks The product contains vulnerabilities related to external control of system configuration or settings.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-32349 // JVNDB: JVNDB-2023-007331 // VULMON: CVE-2023-32349

AFFECTED PRODUCTS

vendor:	teltonika	model:	rut951	scope:	lte	version:	00.07.03.4	Trust: 1.0
vendor:	teltonika	model:	rutxr1	scope:	gte	version:	00.07.00	Trust: 1.0
vendor:	teltonika	model:	rutxr1	scope:	lte	version:	00.07.03.4	Trust: 1.0
vendor:	teltonika	model:	rut200	scope:	lte	version:	00.07.03.4	Trust: 1.0
vendor:	teltonika	model:	rut901	scope:	lte	version:	00.07.03.4	Trust: 1.0
vendor:	teltonika	model:	rutx09	scope:	lte	version:	00.07.03.4	Trust: 1.0
vendor:	teltonika	model:	rutx10	scope:	lte	version:	00.07.03.4	Trust: 1.0
vendor:	teltonika	model:	rut950	scope:	lte	version:	00.07.03.4	Trust: 1.0
vendor:	teltonika	model:	rut955	scope:	lte	version:	00.07.03.4	Trust: 1.0
vendor:	teltonika	model:	rutx50	scope:	gte	version:	00.07.00	Trust: 1.0
vendor:	teltonika	model:	rut241	scope:	lte	version:	00.07.03.4	Trust: 1.0
vendor:	teltonika	model:	rutx08	scope:	lte	version:	00.07.03.4	Trust: 1.0
vendor:	teltonika	model:	rut300	scope:	lte	version:	00.07.03.4	Trust: 1.0
vendor:	teltonika	model:	rutx12	scope:	lte	version:	00.07.03.4	Trust: 1.0
vendor:	teltonika	model:	rut240	scope:	lte	version:	00.07.03.4	Trust: 1.0
vendor:	teltonika	model:	rutx14	scope:	lte	version:	00.07.03.4	Trust: 1.0
vendor:	teltonika	model:	rut360	scope:	lte	version:	00.07.03.4	Trust: 1.0
vendor:	teltonika	model:	rut956	scope:	lte	version:	00.07.03.4	Trust: 1.0
vendor:	teltonika	model:	rutx14	scope:	gte	version:	00.07.00	Trust: 1.0
vendor:	teltonika	model:	rutx50	scope:	lte	version:	00.07.03.4	Trust: 1.0
vendor:	teltonika	model:	rutx11	scope:	lte	version:	00.07.03.4	Trust: 1.0
vendor:	teltonika	model:	rut360	scope:	-	version:	-	Trust: 0.8
vendor:	teltonika	model:	rutxr1	scope:	-	version:	-	Trust: 0.8
vendor:	teltonika	model:	rutx14	scope:	-	version:	-	Trust: 0.8
vendor:	teltonika	model:	rutx09	scope:	-	version:	-	Trust: 0.8
vendor:	teltonika	model:	rutx11	scope:	-	version:	-	Trust: 0.8
vendor:	teltonika	model:	rut901	scope:	-	version:	-	Trust: 0.8
vendor:	teltonika	model:	rut955	scope:	-	version:	-	Trust: 0.8
vendor:	teltonika	model:	rutx12	scope:	-	version:	-	Trust: 0.8
vendor:	teltonika	model:	rut240	scope:	-	version:	-	Trust: 0.8
vendor:	teltonika	model:	rut241	scope:	-	version:	-	Trust: 0.8
vendor:	teltonika	model:	rut956	scope:	-	version:	-	Trust: 0.8
vendor:	teltonika	model:	rut951	scope:	-	version:	-	Trust: 0.8
vendor:	teltonika	model:	rutx08	scope:	-	version:	-	Trust: 0.8
vendor:	teltonika	model:	rutx50	scope:	-	version:	-	Trust: 0.8
vendor:	teltonika	model:	rut300	scope:	-	version:	-	Trust: 0.8
vendor:	teltonika	model:	rut200	scope:	-	version:	-	Trust: 0.8
vendor:	teltonika	model:	rutx10	scope:	-	version:	-	Trust: 0.8
vendor:	teltonika	model:	rut950	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-007331 // NVD: CVE-2023-32349

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-32349
value:	HIGH
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2023-32349
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-32349
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202305-1332
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2023-32349
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2023-32349
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-32349
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-007331 // CNNVD: CNNVD-202305-1332 // NVD: CVE-2023-32349 // NVD: CVE-2023-32349

PROBLEMTYPE DATA

problemtype:	CWE-15	Trust: 1.0
problemtype:	External control of system configuration or settings (CWE-15) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-007331 // NVD: CVE-2023-32349

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202305-1332

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202305-1332

PATCH

title:

Teltonika RUT router Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=240038

Trust: 0.6

sources: CNNVD: CNNVD-202305-1332

EXTERNAL IDS

db:	NVD	id:	CVE-2023-32349	Trust: 3.3
db:	ICS CERT	id:	ICSA-23-131-08	Trust: 2.5
db:	JVN	id:	JVNVU99158491	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-007331	Trust: 0.8
db:	AUSCERT	id:	ESB-2023.2725	Trust: 0.6
db:	CNNVD	id:	CNNVD-202305-1332	Trust: 0.6
db:	VULMON	id:	CVE-2023-32349	Trust: 0.1

sources: VULMON: CVE-2023-32349 // JVNDB: JVNDB-2023-007331 // CNNVD: CNNVD-202305-1332 // NVD: CVE-2023-32349

REFERENCES

url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08	Trust: 2.5
url:	https://jvn.jp/vu/jvnvu99158491/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-32349	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2023.2725	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2023-32349/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/15.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-32349 // JVNDB: JVNDB-2023-007331 // CNNVD: CNNVD-202305-1332 // NVD: CVE-2023-32349

SOURCES

db:	VULMON	id:	CVE-2023-32349
db:	JVNDB	id:	JVNDB-2023-007331
db:	CNNVD	id:	CNNVD-202305-1332
db:	NVD	id:	CVE-2023-32349

LAST UPDATE DATE

2024-08-14T13:52:30.037000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-32349	date:	2023-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2023-007331	date:	2023-11-21T08:07:00
db:	CNNVD	id:	CNNVD-202305-1332	date:	2023-06-02T00:00:00
db:	NVD	id:	CVE-2023-32349	date:	2023-06-01T17:54:27.743

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-32349	date:	2023-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2023-007331	date:	2023-11-21T00:00:00
db:	CNNVD	id:	CNNVD-202305-1332	date:	2023-05-12T00:00:00
db:	NVD	id:	CVE-2023-32349	date:	2023-05-22T16:15:10.420