CVE-2023-47613

Description

A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system.

Remediation

Workaround:

Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device.
Control physical access to the device at all stages of transportation to protect against the embedding of backdoors.

References

Link	Tags
https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-211-telit-cinterion-thales-gemalto-modules-relative-path-traversal/	third party advisory

Frequently Asked Questions

What is the severity of CVE-2023-47613?: CVE-2023-47613 has been scored as a medium severity vulnerability.
How to fix CVE-2023-47613?: As a workaround for remediating CVE-2023-47613: Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device.
Is CVE-2023-47613 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-47613 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-47613?: CVE-2023-47613 affects Telit Cinterion BGS5, Telit Cinterion EHS5, Telit Cinterion EHS6, Telit Cinterion EHS8, Telit Cinterion PDS5, Telit Cinterion PDS6, Telit Cinterion PDS8, Telit Cinterion ELS61, Telit Cinterion ELS81, Telit Cinterion PLS62.

Description

Remediation

Categories

CWE-23 – Relative Path Traversal

CWE-22 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

References

Frequently Asked Questions