CVE-2023-47610
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion EHS5/6/8 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message.
Affected Software
| Vendor | Product | Version Range | Status |
|---|
Weaknesses
- CWE-120: CWE-120: Buffer Copy without Checking Size of Input
Workarounds
Contact the mobile operator to disable the sending of SMS messages to the device. Use private APN with carefully configured security settings to limit impact of any potential exploit. Review the current security configuration in setups that already use private APN.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.