CVE-2023-2586
First published: Mon May 22 2023(Updated: )
Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the "RMS management feature" enabled by default, then an attacker could register that device to themselves. This could enable the attacker to perform different operations on the user's devices, including remote code execution with 'root' privileges (using the 'Task Manager' feature on RMS).
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Teltonika Remote Management System | =4.14.0 | |
| Teltonika Remote Management System (RMS): Versions prior to 4.10.0 (affected by CVE-2023-32346, CVE-2023-32347, CVE-2023-32348, CVE-2023-2587, CVE-2023-2588) | ||
| Teltonika Remote Management System (RMS): Versions prior to 4.14.0 (affected by CVE-2023-2586) | ||
| Teltonika RUT model routers: Version 00.07.00 through 00.07.03.4 (affected by CVE-2023-32349) | ||
| Teltonika RUT model routers: Version 00.07.00 through 00.07.03 (affected by CVE-2023-32350) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-2586?
CVE-2023-2586 has been assigned a medium severity level due to its potential for unauthorized device registration.
How do I fix CVE-2023-2586?
To mitigate CVE-2023-2586, disable the 'RMS management feature' in the Remote Management System settings.
Which versions are affected by CVE-2023-2586?
CVE-2023-2586 affects Teltonika Remote Management System version 4.14.0 and versions prior to that.
What type of vulnerability is CVE-2023-2586?
CVE-2023-2586 is an authorization vulnerability that allows unauthorized attackers to register devices.
What can happen if CVE-2023-2586 is exploited?
Exploitation of CVE-2023-2586 allows attackers to register unregistered devices and potentially gain control over those devices.
- collector/nvd-index
- agent/type
- agent/author
- agent/weakness
- agent/references
- agent/description
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/severity
- agent/event
- agent/first-publish-date
- agent/trending
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/teltonika
- canonical/teltonika remote management system
- version/teltonika remote management system/4.14.0
- canonical/teltonika remote management system (rms): versions prior to 4.10.0 (affected by cve-2023-32346, cve-2023-32347, cve-2023-32348, cve-2023-2587, cve-2023-2588)
- canonical/teltonika remote management system (rms): versions prior to 4.14.0 (affected by cve-2023-2586)
- canonical/teltonika rut model routers: version 00.07.00 through 00.07.03.4 (affected by cve-2023-32349)
- canonical/teltonika rut model routers: version 00.07.00 through 00.07.03 (affected by cve-2023-32350)