What is the severity of CVE-2023-7060?

CVE-2023-7060 is classified as a medium-severity vulnerability.

How do I fix CVE-2023-7060?

To fix CVE-2023-7060, update Zephyr OS to version 3.6.0 or later.

What does CVE-2023-7060 affect?

CVE-2023-7060 affects versions of Zephyr OS prior to 3.6.0, specifically in the IP packet handling implementation.

What is the risk associated with CVE-2023-7060?

The risk associated with CVE-2023-7060 includes potential unauthorized access through improperly handled IP packets.

Are there any workarounds for CVE-2023-7060?

Currently, there are no official workarounds for CVE-2023-7060 other than applying the patch by upgrading the software.

Vulnerability/
CVE-2023-7060

high

8.6

15/3/2024

3/2/2025

CVE-2023-7060: Missing Security Control in Zephyr OS IP Packet Handling

First published: Fri Mar 15 2024(Updated: )

Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address.

Credit: vulnerabilities@zephyrproject.org

Affected Software	Affected Version	How to fix
Zephyr Project Manager	<3.6.0
Zephyr Project Zephyr OS

Never miss a vulnerability like this again

Reference Links

https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fjc8-223c-qgqr

Frequently Asked Questions

What is the severity of CVE-2023-7060?
CVE-2023-7060 is classified as a medium-severity vulnerability.
How do I fix CVE-2023-7060?
To fix CVE-2023-7060, update Zephyr OS to version 3.6.0 or later.
What does CVE-2023-7060 affect?
CVE-2023-7060 affects versions of Zephyr OS prior to 3.6.0, specifically in the IP packet handling implementation.
What is the risk associated with CVE-2023-7060?
The risk associated with CVE-2023-7060 includes potential unauthorized access through improperly handled IP packets.
Are there any workarounds for CVE-2023-7060?
Currently, there are no official workarounds for CVE-2023-7060 other than applying the patch by upgrading the software.

agent/title
agent/references
agent/type
agent/first-publish-date
agent/description
agent/author
collector/mitre-cve
source/MITRE
agent/source
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/event
agent/guess-ai
agent/software-canonical-lookup-request
vendor/zephyrproject
canonical/zephyr project manager
vendor/zephyr project
canonical/zephyr project zephyr os

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2023-7060?
CVE-2023-7060 is classified as a medium-severity vulnerability.
How do I fix CVE-2023-7060?
To fix CVE-2023-7060, update Zephyr OS to version 3.6.0 or later.
What does CVE-2023-7060 affect?
CVE-2023-7060 affects versions of Zephyr OS prior to 3.6.0, specifically in the IP packet handling implementation.
What is the risk associated with CVE-2023-7060?
The risk associated with CVE-2023-7060 includes potential unauthorized access through improperly handled IP packets.
Are there any workarounds for CVE-2023-7060?
Currently, there are no official workarounds for CVE-2023-7060 other than applying the patch by upgrading the software.