CVE-2023-32347
First published: Mon May 22 2023(Updated: )
Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, they could authenticate as that device and steal communication credentials of the device. This could allow an attacker to enable arbitrary command execution as root by utilizing management options within the newly registered devices.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Teltonika Remote Management System | <4.10.0 | |
| Teltonika Remote Management System (RMS): Versions prior to 4.10.0 (affected by CVE-2023-32346, CVE-2023-32347, CVE-2023-32348, CVE-2023-2587, CVE-2023-2588) | ||
| Teltonika Remote Management System (RMS): Versions prior to 4.14.0 (affected by CVE-2023-2586) | ||
| Teltonika RUT model routers: Version 00.07.00 through 00.07.03.4 (affected by CVE-2023-32349) | ||
| Teltonika RUT model routers: Version 00.07.00 through 00.07.03 (affected by CVE-2023-32350) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-32347?
CVE-2023-32347 is classified as a high severity vulnerability due to its potential for device impersonation and unauthorized access.
How do I fix CVE-2023-32347?
To fix CVE-2023-32347, update the Teltonika Remote Management System to version 4.10.0 or later.
What devices are affected by CVE-2023-32347?
CVE-2023-32347 affects Teltonika Remote Management System versions prior to 4.10.0.
What type of attack can occur due to CVE-2023-32347?
An attacker could exploit CVE-2023-32347 by obtaining device serial numbers and MAC addresses, leading to unauthorized device claiming and access.
Is CVE-2023-32347 related to other vulnerabilities?
Yes, CVE-2023-32347 is related to multiple vulnerabilities affecting Teltonika devices, including CVE-2023-32346 and CVE-2023-32348.
- collector/nvd-index
- agent/type
- agent/author
- agent/weakness
- agent/references
- agent/description
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/event
- agent/first-publish-date
- agent/tags
- agent/source
- vendor/teltonika
- canonical/teltonika remote management system
- canonical/teltonika remote management system (rms): versions prior to 4.10.0 (affected by cve-2023-32346, cve-2023-32347, cve-2023-32348, cve-2023-2587, cve-2023-2588)
- canonical/teltonika remote management system (rms): versions prior to 4.14.0 (affected by cve-2023-2586)
- canonical/teltonika rut model routers: version 00.07.00 through 00.07.03.4 (affected by cve-2023-32349)
- canonical/teltonika rut model routers: version 00.07.00 through 00.07.03 (affected by cve-2023-32350)