CVE-2023-4299

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.
Configurations

Configuration 1

OR
cpe:2.3:a:digi:realport:*:*:*:*:*:linux:*:*
cpe:2.3:a:digi:realport:*:*:*:*:*:windows:*:*

Configuration 2

AND
cpe:2.3:o:digi:connectport_ts_8\/16_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_ts_8\/16:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:digi:passport_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:passport:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:digi:connectport_lts_8\/16\/32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_lts_8\/16\/32:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:digi:cm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:cm:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:digi:portserver_ts_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:digi:portserver_ts_mei_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_mei:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:digi:portserver_ts_mei_hardened_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_mei_hardened:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:digi:portserver_ts_m_mei_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_m_mei:-:*:*:*:*:*:*:*

Configuration 10

AND
cpe:2.3:o:digi:portserver_ts_p_mei_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_p_mei:-:*:*:*:*:*:*:*

Configuration 11

AND
cpe:2.3:o:digi:one_iap_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_iap:-:*:*:*:*:*:*:*

Configuration 12

AND
cpe:2.3:o:digi:one_ia_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_ia:-:*:*:*:*:*:*:*

Configuration 13

AND
cpe:2.3:o:digi:one_sp_ia_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_sp_ia:-:*:*:*:*:*:*:*

Configuration 14

AND
cpe:2.3:o:digi:one_sp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_sp:-:*:*:*:*:*:*:*

Configuration 15

AND
cpe:2.3:o:digi:wr31_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:wr31:-:*:*:*:*:*:*:*

Configuration 16

AND
cpe:2.3:o:digi:transport_wr11_xt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:*

Configuration 17

AND
cpe:2.3:o:digi:wr44_r_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:wr44_r:-:*:*:*:*:*:*:*

Configuration 18

AND
cpe:2.3:o:digi:wr21_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:wr21:-:*:*:*:*:*:*:*

Configuration 19

AND
cpe:2.3:o:digi:connect_es_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:connect_es:-:*:*:*:*:*:*:*

Configuration 20

AND
cpe:2.3:o:digi:connect_sp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connect_sp:-:*:*:*:*:*:*:*

History

06 Sep 2023, 20:13

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 8.1
First Time Digi one Sp Ia Firmware
Digi wr21
Digi one Sp Ia
Digi portserver Ts P Mei Firmware
Digi one Iap
Digi portserver Ts
Digi wr31
Digi portserver Ts Firmware
Digi portserver Ts Mei Hardened Firmware
Digi cm
Digi
Digi one Sp
Digi one Iap Firmware
Digi connect Sp
Digi transport Wr11 Xt Firmware
Digi portserver Ts M Mei
Digi portserver Ts Mei Firmware
Digi connect Es
Digi realport
Digi wr31 Firmware
Digi passport
Digi connectport Ts 8\/16
Digi portserver Ts M Mei Firmware
Digi portserver Ts Mei Hardened
Digi portserver Ts P Mei
Digi connectport Lts 8\/16\/32
Digi transport Wr11 Xt
Digi one Sp Firmware
Digi wr44 R
Digi portserver Ts Mei
Digi passport Firmware
Digi connectport Lts 8\/16\/32 Firmware
Digi connectport Ts 8\/16 Firmware
Digi one Ia
Digi connect Es Firmware
Digi wr44 R Firmware
Digi cm Firmware
Digi connect Sp Firmware
Digi one Ia Firmware
Digi wr21 Firmware
References | (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04 | (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04 - Third Party Advisory, US Government Resource
References | (MISC) https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf | (MISC) https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf - Vendor Advisory
CPE cpe:2.3:h:digi:connectport_ts_8\/16:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:passport:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:one_sp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:wr31:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:wr21_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_iap:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:cm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:a:digi:realport:*:*:*:*:*:linux:*:*
cpe:2.3:o:digi:portserver_ts_mei_hardened_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_mei_hardened:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:connectport_ts_8\/16_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:one_sp_ia_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_m_mei:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:wr21:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:portserver_ts_m_mei_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:wr44_r:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:wr44_r_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:passport_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_sp:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_mei:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connect_es:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:connectport_lts_8\/16\/32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:digi:realport:*:*:*:*:*:windows:*:*
cpe:2.3:h:digi:one_sp_ia:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:portserver_ts_mei_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:wr31_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:cm:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_ia:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:transport_wr11_xt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:connect_sp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connect_sp:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_p_mei:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:portserver_ts_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:portserver_ts_p_mei_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:connect_es_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:digi:one_iap_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:one_ia_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_lts_8\/16\/32:-:*:*:*:*:*:*:*

31 Aug 2023, 21:15

Type | Values Removed | Values Added
New CVE

Information

Published : 2023-08-31 21:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-4299

Mitre link : CVE-2023-4299

CVE.ORG link : CVE-2023-4299



Products Affected

digi

  • one_sp_firmware
  • portserver_ts_m_mei
  • one_iap
  • wr31_firmware
  • passport_firmware
  • cm
  • connect_sp_firmware
  • connectport_ts_8\/16_firmware
  • cm_firmware
  • one_sp_ia
  • wr31
  • portserver_ts_mei_firmware
  • one_ia
  • one_iap_firmware
  • portserver_ts_mei
  • realport
  • wr44_r
  • portserver_ts
  • transport_wr11_xt
  • wr21_firmware
  • connect_sp
  • wr44_r_firmware
  • connect_es
  • connectport_lts_8\/16\/32_firmware
  • connectport_lts_8\/16\/32
  • one_sp
  • passport
  • portserver_ts_m_mei_firmware
  • connect_es_firmware
  • portserver_ts_mei_hardened
  • portserver_ts_p_mei_firmware
  • portserver_ts_mei_hardened_firmware
  • transport_wr11_xt_firmware
  • connectport_ts_8\/16
  • portserver_ts_p_mei
  • one_ia_firmware
  • one_sp_ia_firmware
  • wr21
  • portserver_ts_firmware
CWE
CWE-836

Use of Password Hash Instead of Password for Authentication