CVE-2023-47611
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Telit Cinterion | BGS5 | * < 2.000 ARN 01.001.08 | affected |
| Telit Cinterion | EHS5-E | * < 4.013 ARN 01.000.06 | affected |
| Telit Cinterion | EHS5-US | * < 4.000 | affected |
| Telit Cinterion | EHS5-US Rel.4 | * < 4.013 ARN 01.000.06 | affected |
| Telit Cinterion | EHS6 | * < 2.000 | affected |
| Telit Cinterion | EHS6 Rel.2 | * < 2.000 ARN 00.000.20 | affected |
| Telit Cinterion | EHS6 Rel.3 | * < 3.001 ARN 00.000.49 | affected |
| Telit Cinterion | EHS6 Rel.4 | * < 4.013 ARN 01.000.06 | affected |
| Telit Cinterion | EHS6-A Rel.4 | * < 4.013 ARN 01.000.06 | affected |
| Telit Cinterion | EHS8 | * < 3.011 ARN 00.000.60 | affected |
| Telit Cinterion | EHS8 Rel.4 | * < 4.013 ARN 01.000.06 | affected |
| Telit Cinterion | ELS61-AUS | * < 1.000 | affected |
| Telit Cinterion | ELS61-AUS Rel.1 | * < 1.004 ARN 00.003.01 | affected |
| Telit Cinterion | ELS61-AUS Rel.1 MR | * < 1.005 ARN 00.005.01 | affected |
| Telit Cinterion | ELS61-E | * < 1.000 | affected |
| Telit Cinterion | ELS61-E Rel.1 | * < 1.000 ARN 00.030.01 | affected |
| Telit Cinterion | ELS61-E Rel.1 MR | * < 1.000 ARN 00.032.02 | affected |
| Telit Cinterion | ELS61-E Rel.2 | * < 2.000 ARN 01.000.03 | affected |
| Telit Cinterion | ELS61-E Rel.2 | * < 2.000 ARN 01.000.03 | affected |
| Telit Cinterion | ELS61-E2 Rel.1 | * < 1.000 ARN 00.026.01 | affected |
| Telit Cinterion | ELS61-E2 Rel.1 MR | * < 1.000 ARN 00.032.02 | affected |
| Telit Cinterion | ELS61-US Rel.1 MR | * < 1.01 ARN 00.028.01 | affected |
| Telit Cinterion | ELS61-US Rel.2 | * < 2.012 ARN 01.000.05 | affected |
| Telit Cinterion | ELS81-E | * < 4.000 | affected |
| Telit Cinterion | ELS81-E Rel.1 | * < 4.000 ARN 01.000.05 | affected |
| Telit Cinterion | ELS81-E Rel.1.1 | * < 5.001 ARN 01.000.04 | affected |
| Telit Cinterion | ELS81-US | * < 5.012 | affected |
| Telit Cinterion | ELS81-US Rel.1.1 | * < 5.012 ARN 01.000.05 | affected |
| Telit Cinterion | PDS5-E | * < 3.001 | affected |
| Telit Cinterion | PDS5-E Rel.1 | * < 3.001 ARN 00.000.32 | affected |
| Telit Cinterion | PDS5-E Rel.4 | * < 4.013 ARN 01.000.06 | affected |
| Telit Cinterion | PLS62-W | * < 2.01 | affected |
| Telit Cinterion | PLS62-W Rel.1 | * < 2.01 ARN 01.000.05 | affected |
Weaknesses
- CWE-269: CWE-269: Improper Privilege Management
Workarounds
Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device. Control physical access to the device at all stages of transportation to protect against the embedding of backdoors.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.