CVE-2023-23772

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.
References
Link Resource
https://tetraburst.com/ Not Applicable
https://tetraburst.com/ Not Applicable
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:motorola:mbts_site_controller_firmware:r05.32.58:*:*:*:*:*:*:*
cpe:2.3:h:motorola:mbts_site_controller:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:46

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 7.2
References () https://tetraburst.com/ - Not Applicable () https://tetraburst.com/ - Not Applicable

31 Aug 2023, 00:25

Type Values Removed Values Added
First Time Motorola
Motorola mbts Site Controller
Motorola mbts Site Controller Firmware
CWE CWE-347
CPE cpe:2.3:o:motorola:mbts_site_controller_firmware:r05.32.58:*:*:*:*:*:*:*
cpe:2.3:h:motorola:mbts_site_controller:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References (MISC) https://tetraburst.com/ - (MISC) https://tetraburst.com/ - Not Applicable

29 Aug 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-29 09:15

Updated : 2024-11-21 07:46


NVD link : CVE-2023-23772

Mitre link : CVE-2023-23772

CVE.ORG link : CVE-2023-23772


JSON object : View

Products Affected

motorola

  • mbts_site_controller
  • mbts_site_controller_firmware
CWE
CWE-347

Improper Verification of Cryptographic Signature