CVE-2023-2587
CVE-2023-2587 is a high-severity vulnerability rated 8.3/10 on the CVSS scale. Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger the vulnerability. EPSS estimates a 0.92% chance of exploitation in the next 30 days.
Description
Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger the vulnerability. This could allow the attacker to execute scripts in the account context and obtain remote code execution on managed devices.
Metrics
CVSS 3.1 base score 8.3 (High), vector `CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H`: network attack vector (AV:N), high attack complexity (AC:H), no privileges required (PR:N), user interaction required (UI:R), changed scope (S:C), and high impact on confidentiality, integrity and availability (C:H/I:H/A:H).
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Teltonika | Remote Management System | < 4.10.0 |
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 (Third Party Advisory, US Government Resource)
Frequently Asked Questions
What is CVE-2023-2587?
A cross-site scripting (XSS) vulnerability in the main page of the web interface of Teltonika's Remote Management System, affecting versions prior to 4.10.0. An attacker who knows the MAC address and serial number of a connected device can submit a maliciously crafted JSON file containing an HTML object; scripts then run in the account context and may lead to remote code execution on managed devices.
How severe is CVE-2023-2587?
It is rated High, with a CVSS 3.1 base score of 8.3. EPSS estimates a 0.92% probability of exploitation in the next 30 days.
How do I fix CVE-2023-2587?
The affected range is Remote Management System versions prior to 4.10.0, so 4.10.0 is the first version outside the affected range; see the CISA advisory ICSA-23-131-08 linked above for vendor guidance.
Source: NVD / NIST
