CVE-2023-23774

Summary

Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device.

Affected Software

VendorProductVersion RangeStatus
MotorolaEBTS/MBTS Base RadioR05.x2.57affected

Weaknesses

  • CWE-248: An exception is thrown from a function, but it is not caught

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References