ID

VAR-202305-2096


CVE

CVE-2023-32349


TITLE

plural  teltonika-networks  Vulnerabilities related to external control of system configuration or settings in the product

Trust: 0.8

sources: JVNDB: JVNDB-2023-007331

DESCRIPTION

Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution. rut200 firmware, rut240 firmware, rut241 firmware etc. teltonika-networks The product contains vulnerabilities related to external control of system configuration or settings.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-32349 // JVNDB: JVNDB-2023-007331 // VULMON: CVE-2023-32349

AFFECTED PRODUCTS

vendor:teltonikamodel:rut951scope:lteversion:00.07.03.4

Trust: 1.0

vendor:teltonikamodel:rutxr1scope:gteversion:00.07.00

Trust: 1.0

vendor:teltonikamodel:rutxr1scope:lteversion:00.07.03.4

Trust: 1.0

vendor:teltonikamodel:rut200scope:lteversion:00.07.03.4

Trust: 1.0

vendor:teltonikamodel:rut901scope:lteversion:00.07.03.4

Trust: 1.0

vendor:teltonikamodel:rutx09scope:lteversion:00.07.03.4

Trust: 1.0

vendor:teltonikamodel:rutx10scope:lteversion:00.07.03.4

Trust: 1.0

vendor:teltonikamodel:rut950scope:lteversion:00.07.03.4

Trust: 1.0

vendor:teltonikamodel:rut955scope:lteversion:00.07.03.4

Trust: 1.0

vendor:teltonikamodel:rutx50scope:gteversion:00.07.00

Trust: 1.0

vendor:teltonikamodel:rut241scope:lteversion:00.07.03.4

Trust: 1.0

vendor:teltonikamodel:rutx08scope:lteversion:00.07.03.4

Trust: 1.0

vendor:teltonikamodel:rut300scope:lteversion:00.07.03.4

Trust: 1.0

vendor:teltonikamodel:rutx12scope:lteversion:00.07.03.4

Trust: 1.0

vendor:teltonikamodel:rut240scope:lteversion:00.07.03.4

Trust: 1.0

vendor:teltonikamodel:rutx14scope:lteversion:00.07.03.4

Trust: 1.0

vendor:teltonikamodel:rut360scope:lteversion:00.07.03.4

Trust: 1.0

vendor:teltonikamodel:rut956scope:lteversion:00.07.03.4

Trust: 1.0

vendor:teltonikamodel:rutx14scope:gteversion:00.07.00

Trust: 1.0

vendor:teltonikamodel:rutx50scope:lteversion:00.07.03.4

Trust: 1.0

vendor:teltonikamodel:rutx11scope:lteversion:00.07.03.4

Trust: 1.0

vendor:teltonikamodel:rut360scope: - version: -

Trust: 0.8

vendor:teltonikamodel:rutxr1scope: - version: -

Trust: 0.8

vendor:teltonikamodel:rutx14scope: - version: -

Trust: 0.8

vendor:teltonikamodel:rutx09scope: - version: -

Trust: 0.8

vendor:teltonikamodel:rutx11scope: - version: -

Trust: 0.8

vendor:teltonikamodel:rut901scope: - version: -

Trust: 0.8

vendor:teltonikamodel:rut955scope: - version: -

Trust: 0.8

vendor:teltonikamodel:rutx12scope: - version: -

Trust: 0.8

vendor:teltonikamodel:rut240scope: - version: -

Trust: 0.8

vendor:teltonikamodel:rut241scope: - version: -

Trust: 0.8

vendor:teltonikamodel:rut956scope: - version: -

Trust: 0.8

vendor:teltonikamodel:rut951scope: - version: -

Trust: 0.8

vendor:teltonikamodel:rutx08scope: - version: -

Trust: 0.8

vendor:teltonikamodel:rutx50scope: - version: -

Trust: 0.8

vendor:teltonikamodel:rut300scope: - version: -

Trust: 0.8

vendor:teltonikamodel:rut200scope: - version: -

Trust: 0.8

vendor:teltonikamodel:rutx10scope: - version: -

Trust: 0.8

vendor:teltonikamodel:rut950scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-007331 // NVD: CVE-2023-32349

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-32349
value: HIGH

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2023-32349
value: HIGH

Trust: 1.0

NVD: CVE-2023-32349
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202305-1332
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2023-32349
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2023-32349
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-32349
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-007331 // CNNVD: CNNVD-202305-1332 // NVD: CVE-2023-32349 // NVD: CVE-2023-32349

PROBLEMTYPE DATA

problemtype:CWE-15

Trust: 1.0

problemtype:External control of system configuration or settings (CWE-15) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-007331 // NVD: CVE-2023-32349

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202305-1332

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202305-1332

PATCH

title:Teltonika RUT router Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=240038

Trust: 0.6

sources: CNNVD: CNNVD-202305-1332

EXTERNAL IDS

db:NVDid:CVE-2023-32349

Trust: 3.3

db:ICS CERTid:ICSA-23-131-08

Trust: 2.5

db:JVNid:JVNVU99158491

Trust: 0.8

db:JVNDBid:JVNDB-2023-007331

Trust: 0.8

db:AUSCERTid:ESB-2023.2725

Trust: 0.6

db:CNNVDid:CNNVD-202305-1332

Trust: 0.6

db:VULMONid:CVE-2023-32349

Trust: 0.1

sources: VULMON: CVE-2023-32349 // JVNDB: JVNDB-2023-007331 // CNNVD: CNNVD-202305-1332 // NVD: CVE-2023-32349

REFERENCES

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08

Trust: 2.5

url:https://jvn.jp/vu/jvnvu99158491/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-32349

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2023.2725

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2023-32349/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/15.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-32349 // JVNDB: JVNDB-2023-007331 // CNNVD: CNNVD-202305-1332 // NVD: CVE-2023-32349

SOURCES

db:VULMONid:CVE-2023-32349
db:JVNDBid:JVNDB-2023-007331
db:CNNVDid:CNNVD-202305-1332
db:NVDid:CVE-2023-32349

LAST UPDATE DATE

2024-08-14T13:52:30.037000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-32349date:2023-05-22T00:00:00
db:JVNDBid:JVNDB-2023-007331date:2023-11-21T08:07:00
db:CNNVDid:CNNVD-202305-1332date:2023-06-02T00:00:00
db:NVDid:CVE-2023-32349date:2023-06-01T17:54:27.743

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-32349date:2023-05-22T00:00:00
db:JVNDBid:JVNDB-2023-007331date:2023-11-21T00:00:00
db:CNNVDid:CNNVD-202305-1332date:2023-05-12T00:00:00
db:NVDid:CVE-2023-32349date:2023-05-22T16:15:10.420