CVE-2023-2586
Last modified
CVE-2023-2586 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the "RMS management feature" enabled by default, then an attacker could register that device to themselves. EPSS estimates a 1.02% chance of exploitation in the next 30 days.
Description
Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the "RMS management feature" enabled by default, then an attacker could register that device to themselves. This could enable the attacker to perform different operations on the user's devices, including remote code execution with 'root' privileges (using the 'Task Manager' feature on RMS).
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Teltonika | Remote Management System | 4.14.0 |
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08Third Party Advisory, US Government Resource
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-2586?
How severe is CVE-2023-2586?
How do I fix CVE-2023-2586?
Are you affected by CVE-2023-2586?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST