CVE-2023-5347

Summary

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.

Affected Software

VendorProductVersion RangeStatus
KorenixJetNet Seriesfirmware older than 2024/01affected

Weaknesses

  • CWE-347: CWE-347 Improper Verification of Cryptographic Signature
  • CWE-327: CWE-327 Use of a Broken or Risky Cryptographic Algorithm

Workarounds

See:  https://www.beijerelectronics.com/en/support/Help___online?docId=69947

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References