CVE-2023-47610

Summary

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion EHS5/6/8 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message.

Affected Software

VendorProductVersion RangeStatus

Weaknesses

  • CWE-120: CWE-120: Buffer Copy without Checking Size of Input

Workarounds

Contact the mobile operator to disable the sending of SMS messages to the device. Use private APN with carefully configured security settings to limit impact of any potential exploit. Review the current security configuration in setups that already use private APN.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References