What is the severity of CVE-2023-2587?

CVE-2023-2587 is classified as a cross-site scripting (XSS) vulnerability, which poses a significant risk to users of the affected systems.

How do I fix CVE-2023-2587?

To fix CVE-2023-2587, upgrade your Teltonika Remote Management System to version 4.10.0 or later.

What are the affected products for CVE-2023-2587?

CVE-2023-2587 affects all versions of Teltonika’s Remote Management System prior to 4.10.0.

Can CVE-2023-2587 be exploited remotely?

Yes, CVE-2023-2587 can be exploited remotely by an attacker who has knowledge of the MAC address and serial number of a connected device.

What types of attacks can CVE-2023-2587 facilitate?

CVE-2023-2587 can facilitate cross-site scripting attacks, allowing attackers to execute malicious scripts in the context of the user's browser.

Vulnerability/
CVE-2023-2587

high

8.3

CWE

22/5/2023

16/1/2025

CVE-2023-2587: XSS

First published: Mon May 22 2023(Updated: )

Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger the vulnerability. This could allow the attacker to execute scripts in the account context and obtain remote code execution on managed devices.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Teltonika Remote Management System	<4.10.0
Teltonika Remote Management System (RMS): Versions prior to 4.10.0 (affected by CVE-2023-32346, CVE-2023-32347, CVE-2023-32348, CVE-2023-2587, CVE-2023-2588)
Teltonika Remote Management System (RMS): Versions prior to 4.14.0 (affected by CVE-2023-2586)
Teltonika RUT model routers: Version 00.07.00 through 00.07.03.4 (affected by CVE-2023-32349)
Teltonika RUT model routers: Version 00.07.00 through 00.07.03 (affected by CVE-2023-32350)

Never miss a vulnerability like this again

Reference Links

https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

ICSA-23-131-08

Frequently Asked Questions

What is the severity of CVE-2023-2587?
CVE-2023-2587 is classified as a cross-site scripting (XSS) vulnerability, which poses a significant risk to users of the affected systems.
How do I fix CVE-2023-2587?
To fix CVE-2023-2587, upgrade your Teltonika Remote Management System to version 4.10.0 or later.
What are the affected products for CVE-2023-2587?
CVE-2023-2587 affects all versions of Teltonika’s Remote Management System prior to 4.10.0.
Can CVE-2023-2587 be exploited remotely?
Yes, CVE-2023-2587 can be exploited remotely by an attacker who has knowledge of the MAC address and serial number of a connected device.
What types of attacks can CVE-2023-2587 facilitate?
CVE-2023-2587 can facilitate cross-site scripting attacks, allowing attackers to execute malicious scripts in the context of the user's browser.

collector/nvd-index
agent/type
agent/author
agent/weakness
agent/references
agent/description
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/severity
agent/event
agent/first-publish-date
agent/trending
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
vendor/teltonika
canonical/teltonika remote management system
canonical/teltonika remote management system (rms): versions prior to 4.10.0 (affected by cve-2023-32346, cve-2023-32347, cve-2023-32348, cve-2023-2587, cve-2023-2588)
canonical/teltonika remote management system (rms): versions prior to 4.14.0 (affected by cve-2023-2586)
canonical/teltonika rut model routers: version 00.07.00 through 00.07.03.4 (affected by cve-2023-32349)
canonical/teltonika rut model routers: version 00.07.00 through 00.07.03 (affected by cve-2023-32350)