CVE-2023-47611

Summary

A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system.

Affected Software

VendorProductVersion RangeStatus
Telit CinterionBGS5* < 2.000 ARN 01.001.08affected
Telit CinterionEHS5-E* < 4.013 ARN 01.000.06affected
Telit CinterionEHS5-US* < 4.000affected
Telit CinterionEHS5-US Rel.4* < 4.013 ARN 01.000.06affected
Telit CinterionEHS6* < 2.000affected
Telit CinterionEHS6 Rel.2* < 2.000 ARN 00.000.20affected
Telit CinterionEHS6 Rel.3* < 3.001 ARN 00.000.49affected
Telit CinterionEHS6 Rel.4* < 4.013 ARN 01.000.06affected
Telit CinterionEHS6-A Rel.4* < 4.013 ARN 01.000.06affected
Telit CinterionEHS8* < 3.011 ARN 00.000.60affected
Telit CinterionEHS8 Rel.4* < 4.013 ARN 01.000.06affected
Telit CinterionELS61-AUS* < 1.000affected
Telit CinterionELS61-AUS Rel.1* < 1.004 ARN 00.003.01affected
Telit CinterionELS61-AUS Rel.1 MR* < 1.005 ARN 00.005.01affected
Telit CinterionELS61-E* < 1.000affected
Telit CinterionELS61-E Rel.1* < 1.000 ARN 00.030.01affected
Telit CinterionELS61-E Rel.1 MR* < 1.000 ARN 00.032.02affected
Telit CinterionELS61-E Rel.2* < 2.000 ARN 01.000.03affected
Telit CinterionELS61-E Rel.2* < 2.000 ARN 01.000.03affected
Telit CinterionELS61-E2 Rel.1* < 1.000 ARN 00.026.01affected
Telit CinterionELS61-E2 Rel.1 MR* < 1.000 ARN 00.032.02affected
Telit CinterionELS61-US Rel.1 MR* < 1.01 ARN 00.028.01affected
Telit CinterionELS61-US Rel.2* < 2.012 ARN 01.000.05affected
Telit CinterionELS81-E* < 4.000affected
Telit CinterionELS81-E Rel.1* < 4.000 ARN 01.000.05affected
Telit CinterionELS81-E Rel.1.1* < 5.001 ARN 01.000.04affected
Telit CinterionELS81-US* < 5.012affected
Telit CinterionELS81-US Rel.1.1* < 5.012 ARN 01.000.05affected
Telit CinterionPDS5-E* < 3.001affected
Telit CinterionPDS5-E Rel.1* < 3.001 ARN 00.000.32affected
Telit CinterionPDS5-E Rel.4* < 4.013 ARN 01.000.06affected
Telit CinterionPLS62-W* < 2.01affected
Telit CinterionPLS62-W Rel.1* < 2.01 ARN 01.000.05affected

Weaknesses

  • CWE-269: CWE-269: Improper Privilege Management

Workarounds

Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device. Control physical access to the device at all stages of transportation to protect against the embedding of backdoors.

ADP Enrichment

CVE Program Container

Additional References

References