← voltar
CVE-2023-4299

Digi RealPort Protocol Use of Password Hash Instead of Password for Authentication

CVSS 9 CRITICALEPSS 0.5%CWE-836
Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
Digi International · Digi 6350-SRDigi International · Digi CM Console ServerDigi International · Digi ConnectCore 8X productsDigi International · Digi Connect ESDigi International · Digi ConnectPort LTS 8/16/32Digi International · Digi ConnectPort TS 8/16Digi International · Digi Connect SPDigi International · Digi One IADigi International · Digi One IAP FamilyDigi International · ​Digi One SPDigi International · Digi One SP IADigi International · Digi Passport Console ServerDigi International · Digi PortServer TSDigi International · Digi PortServer TS MEIDigi International · Digi PortServer TS MEI HardenedDigi International · Digi PortServer TS M MEIDigi International · Digi PortServer TS P MEIDigi International · Digi RealPortDigi International · Digi WR11 XTDigi International · Digi WR21Digi International · Digi WR31Digi International · Digi WR44 R

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf