CVE-2023-4299

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-4299
Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04 Third Party Advisory US Government Resource
https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:digi:realport:*:*:*:*:*:linux:*:*
cpe:2.3:a:digi:realport:*:*:*:*:*:windows:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:digi:connectport_ts_8\/16_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_ts_8\/16:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:digi:passport_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:passport:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:digi:connectport_lts_8\/16\/32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_lts_8\/16\/32:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:digi:cm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:cm:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:digi:portserver_ts_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:digi:portserver_ts_mei_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_mei:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:digi:portserver_ts_mei_hardened_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_mei_hardened:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:digi:portserver_ts_m_mei_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_m_mei:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:digi:portserver_ts_p_mei_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_p_mei:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:digi:one_iap_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_iap:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:digi:one_ia_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_ia:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:digi:one_sp_ia_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_sp_ia:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:digi:one_sp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_sp:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:digi:wr31_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:wr31:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:digi:transport_wr11_xt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:digi:wr44_r_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:wr44_r:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:digi:wr21_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:wr21:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:digi:connect_es_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:connect_es:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:digi:connect_sp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connect_sp:-:*:*:*:*:*:*:*
History

06 Sep 2023, 20:13

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.1
First Time Digi one Sp Ia Firmware
Digi wr21
Digi one Sp Ia
Digi portserver Ts P Mei Firmware
Digi one Iap
Digi portserver Ts
Digi wr31
Digi portserver Ts Firmware
Digi portserver Ts Mei Hardened Firmware
Digi cm
Digi
Digi one Sp
Digi one Iap Firmware
Digi connect Sp
Digi transport Wr11 Xt Firmware
Digi portserver Ts M Mei
Digi portserver Ts Mei Firmware
Digi connect Es
Digi realport
Digi wr31 Firmware
Digi passport
Digi connectport Ts 8\/16
Digi portserver Ts M Mei Firmware
Digi portserver Ts Mei Hardened
Digi portserver Ts P Mei
Digi connectport Lts 8\/16\/32
Digi transport Wr11 Xt
Digi one Sp Firmware
Digi wr44 R
Digi portserver Ts Mei
Digi passport Firmware
Digi connectport Lts 8\/16\/32 Firmware
Digi connectport Ts 8\/16 Firmware
Digi one Ia
Digi connect Es Firmware
Digi wr44 R Firmware
Digi cm Firmware
Digi connect Sp Firmware
Digi one Ia Firmware
Digi wr21 Firmware
References (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04 - (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04 - Third Party Advisory, US Government Resource
References (MISC) https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf - (MISC) https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf - Vendor Advisory
CPE cpe:2.3:h:digi:connectport_ts_8\/16:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:passport:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:one_sp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:wr31:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:wr21_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_iap:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:cm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:a:digi:realport:*:*:*:*:*:linux:*:*
cpe:2.3:o:digi:portserver_ts_mei_hardened_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_mei_hardened:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:connectport_ts_8\/16_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:one_sp_ia_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_m_mei:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:wr21:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:portserver_ts_m_mei_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:wr44_r:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:wr44_r_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:passport_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_sp:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_mei:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connect_es:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:connectport_lts_8\/16\/32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:digi:realport:*:*:*:*:*:windows:*:*
cpe:2.3:h:digi:one_sp_ia:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:portserver_ts_mei_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:wr31_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:cm:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_ia:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:transport_wr11_xt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:connect_sp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connect_sp:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_p_mei:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:portserver_ts_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:portserver_ts_p_mei_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:connect_es_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:digi:one_iap_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:one_ia_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_lts_8\/16\/32:-:*:*:*:*:*:*:*

31 Aug 2023, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-08-31 21:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-4299

Mitre link : CVE-2023-4299

CVE.ORG link : CVE-2023-4299

JSON object : View

Products Affected

digi

  • one_sp_firmware
  • portserver_ts_m_mei
  • one_iap
  • wr31_firmware
  • passport_firmware
  • cm
  • connect_sp_firmware
  • connectport_ts_8\/16_firmware
  • cm_firmware
  • one_sp_ia
  • wr31
  • portserver_ts_mei_firmware
  • one_ia
  • one_iap_firmware
  • portserver_ts_mei
  • realport
  • wr44_r
  • portserver_ts
  • transport_wr11_xt
  • wr21_firmware
  • connect_sp
  • wr44_r_firmware
  • connect_es
  • connectport_lts_8\/16\/32_firmware
  • connectport_lts_8\/16\/32
  • one_sp
  • passport
  • portserver_ts_m_mei_firmware
  • connect_es_firmware
  • portserver_ts_mei_hardened
  • portserver_ts_p_mei_firmware
  • portserver_ts_mei_hardened_firmware
  • transport_wr11_xt_firmware
  • connectport_ts_8\/16
  • portserver_ts_p_mei
  • one_ia_firmware
  • one_sp_ia_firmware
  • wr21
  • portserver_ts_firmware
CWE
CWE-836

Use of Password Hash Instead of Password for Authentication


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024