CVE-2023-4299

Name: CVE-2023-4299
Creator: NVD / NIST
Published: 2023-08-31T21:15:09.183+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.1/10EPSS 0.55%

Last modified Jun 17, 2026

CVE-2023-4299 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment. . EPSS estimates a 0.55% chance of exploitation in the next 30 days.

Description

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

Metrics

CVSS 3.1

8.1/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.55%

41.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-836

Affected Software

Vendor	Product	Versions
Digi	Realport	<= 1.9-40
Digi	Realport	<= 4.8.488.0
Digi	Connectport Ts 8\/16 Firmware	< 2.26.2.4
Digi	Passport Firmware	All versions
Digi	Connectport Lts 8\/16\/32 Firmware	< 1.4.9
Digi	Cm Firmware	All versions
Digi	Portserver Ts Firmware	All versions
Digi	Portserver Ts Mei Firmware	All versions
Digi	Portserver Ts Mei Hardened Firmware	All versions
Digi	Portserver Ts M Mei Firmware	All versions
Digi	Portserver Ts P Mei Firmware	All versions
Digi	One Iap Firmware	All versions
Digi	One Ia Firmware	All versions
Digi	One Sp Ia Firmware	All versions
Digi	One Sp Firmware	All versions
Digi	Wr31 Firmware	All versions
Digi	Transport Wr11 Xt Firmware	All versions
Digi	Wr44 R Firmware	All versions
Digi	Wr21 Firmware	All versions
Digi	Connect Es Firmware	< 2.26.2.4
Digi	Connect Sp Firmware	All versions

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04Third Party Advisory, US Government Resource
https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdfVendor Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04Third Party Advisory, US Government Resource
https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdfVendor Advisory

Timeline

Published: Aug 31, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-4299?

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

How severe is CVE-2023-4299?

CVE-2023-4299 has a CVSS score of 8.1/10 (HIGH severity). The EPSS model estimates a 0.55% probability of exploitation in the next 30 days.

How do I fix CVE-2023-4299?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-4299?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST