CVE-2023-36611

Summary

The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens.

Affected Software

VendorProductVersion RangeStatus
OvarroTBox MS-CPU320 <= 1.50.598affected
Ovarro​TBox MS-CPU32-S20 <= 1.50.598affected
OvarroTBox LT20 <= 1.50.598affected
OvarroTBox TG20 <= 1.50.598affected
OvarroTBox RM20 <= 1.50.598affected

Weaknesses

  • CWE-285: CWE-285 Improper Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References