CVE-2023-2586

Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the "RMS management feature" enabled by default, then an attacker could register that device to themselves. This could enable the attacker to perform different operations on the user's devices, including remote code execution with 'root' privileges (using the 'Task Manager' feature on RMS).
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 Third Party Advisory US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:teltonika:remote_management_system:4.14.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:58

Type Values Removed Values Added
References () https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 - Third Party Advisory, US Government Resource () https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 - Third Party Advisory, US Government Resource
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 9.0

31 May 2023, 20:19

Type Values Removed Values Added
First Time Teltonika remote Management System
Teltonika
CPE cpe:2.3:a:teltonika:remote_management_system:4.14.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 - (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 - Third Party Advisory, US Government Resource

Information

Published : 2023-05-22 16:15

Updated : 2024-11-21 07:58


NVD link : CVE-2023-2586

Mitre link : CVE-2023-2586

CVE.ORG link : CVE-2023-2586


JSON object : View

Products Affected

teltonika

  • remote_management_system
CWE
CWE-287

Improper Authentication