VDB
CVE-2023-5347
CVE-2023-5347
PUBLISHED
CVSS 9.800000190734863 CRITICAL
An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.
EPSS 0.17% · 38.6th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.17%
38.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| korenix | jetnet_7628xp-4f-us_firmware | 1.0, 1.1, 1.0 |
| korenix | jetnet_4508f-s_firmware | 2.3, 2.3, 2.3 |
| korenix | jetnet_4508if-mw_firmware | 1.3, 1.3, 1.3 |
| korenix | jetnet_6528gf-2dc24_firmware | 1.0, 1.0, 1.0 |
| korenix | jetnet_4508_firmware | 2.3, 2.3, 2.3 |
| korenix | jetnet_6628x-4f-eu_firmware | 1.0, 1.0, 1.0 |
| korenix | jetnet_6528gf-ac-eu_firmware | 1.0, 1.0, 1.0 |
| korenix | jetnet_5310g_firmware | 2.6, 2.6, 2.6 |
| korenix | jetnet_5612g-4f_firmware | 1.2, 1.2, 1.2 |
| korenix | jetnet_5620g-4c_firmware | 1.1, 1.1, 1.1 |
| korenix | jetnet_6910g-m12_hvdc_firmware | 1.0, 1.0, 1.0 |
| korenix | jetnet_4508i-w_firmware | 1.3, 1.3, 1.3 |
| korenix | jetnet_5612gp-4f_firmware | 1.2, 1.2, 1.2 |
| korenix | jetnet_6828gf-2ac-eu_firmware | 1.0, 1.0, 1.0 |
| korenix | jetnet_4508f-sw_firmware | 2.3, 2.3, 2.3 |
| korenix | jetnet_6628xp-4f-us_firmware | 1.1, 1.1, 1.1 |
| korenix | jetnet_6828gf-2dc48_firmware | 1.0, 1.0, 1.0 |
| Korenix | JetNet Series | firmware older than 2024/01, firmware older than 2024/01, * |
| korenix | jetnet_6528gf-ac-us_firmware | 1.0, 1.0, 1.0 |
| korenix | jetnet_6528gf-2ac-eu_firmware | 1.0, 1.0, 1.0 |
…and 23 more
Exploit Intelligence
- http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html (nist-nvd)
- http://seclists.org/fulldisclosure/2024/Jan/11 (nist-nvd)
- https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/ (nist-nvd)
- CIRCL seen: CVE-2023-5347 (circl-sighting)
- CIRCL seen: CVE-2023-5347 (circl-sighting)
- CIRCL seen: CVE-2023-5347 (circl-sighting)
- CIRCL seen: CVE-2023-5347 (circl-sighting)
- https://www.beijerelectronics.com/en/support/Help___online?docId=69947 (circl)
- Korenix JetNet Series Unauthenticated Access Exploit (0day-today)
- Korenix JetNet Series Unauthenticated Access Exploit (0day-today)
…and 1 more exploits
Timeline
- Jan 9, 2024 CVE Published
- Jan 10, 2024 EPSS Score
- Jan 16, 2024 PoC Published
- Jan 16, 2024 PoC Published
- Jan 17, 2024 PoC Published
- Jan 26, 2024 PoC Published
- Feb 7, 2024 EPSS Score
- Mar 7, 2024 EPSS Score
- Apr 4, 2024 EPSS Score
- May 2, 2024 EPSS Score
- Jun 28, 2024 EPSS Score
- Jul 26, 2024 EPSS Score
References
- https://www.beijerelectronics.com/en/support/Help___online?docId=69947 url
- https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/ url
- http://seclists.org/fulldisclosure/2024/Jan/11 url
- http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html url
- https://nvd.nist.gov/vuln/detail/CVE-2023-5347 advisory
- https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series url