Strix
26.1K

CVE-2023-5347

CRITICALCVSS 9.1/10EPSS 1.34%

Last modified

CVE-2023-5347 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.. EPSS estimates a 1.34% chance of exploitation in the next 30 days.

Description

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.

Metrics

CVSS 3.1
9.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS Probability
1.34%

67.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
KorenixJetnet 5310g Firmware2.6
KorenixJetnet 4508 Firmware2.3
KorenixJetnet 4508i-W Firmware1.3
KorenixJetnet 4508-W Firmware2.3
KorenixJetnet 4508if-S Firmware1.3
KorenixJetnet 4508if-M Firmware1.3
KorenixJetnet 4508if-Sw Firmware1.3
KorenixJetnet 4508if-Mw Firmware1.3
KorenixJetnet 4508f-M Firmware2.3
KorenixJetnet 4508f-S Firmware2.3
KorenixJetnet 4508f-Mw Firmware2.3
KorenixJetnet 4508f-Sw Firmware2.3
KorenixJetnet 5620g-4c Firmware1.1
KorenixJetnet 5612gp-4f Firmware1.2
KorenixJetnet 5612g-4f Firmware1.2
KorenixJetnet 5728g-24p-Ac-2dc-Us Firmware2.1
KorenixJetnet 5728g-24p-Ac-2dc-Eu Firmware2.1
KorenixJetnet 6528gf-2ac-Eu Firmware1.0
KorenixJetnet 6528gf-2ac-Us Firmware1.0
KorenixJetnet 6528gf-2dc24 Firmware1.0
KorenixJetnet 6528gf-2dc48 Firmware1.0
KorenixJetnet 6528gf-Ac-Eu Firmware1.0
KorenixJetnet 6528gf-Ac-Us Firmware1.0
KorenixJetnet 6628xp-4f-Us Firmware1.1
KorenixJetnet 6628x-4f-Eu Firmware1.0
KorenixJetnet 6728g-24p-Ac-2dc-Us Firmware1.1
KorenixJetnet 6728g-24p-Ac-2dc-Eu Firmware1.1
KorenixJetnet 6828gf-2dc48 Firmware1.0
KorenixJetnet 6828gf-2dc24 Firmware1.0
KorenixJetnet 6828gf-Ac-Dc24-Us Firmware1.0
KorenixJetnet 6828gf-2ac-Us Firmware1.0
KorenixJetnet 6828gf-Ac-Us Firmware1.0
KorenixJetnet 6828gf-2ac-Au Firmware1.0
KorenixJetnet 6828gf-Ac-Dc24-Eu Firmware1.0
KorenixJetnet 6828gf-2ac-Eu Firmware1.0
KorenixJetnet 6910g-M12 Hvdc Firmware1.0
KorenixJetnet 7310g-V2 Firmware1.0
KorenixJetnet 7628xp-4f-Us Firmware1.0
KorenixJetnet 7628xp-4f-Us Firmware1.1
KorenixJetnet 7628xp-4f-Eu Firmware1.0
KorenixJetnet 7628xp-4f-Eu Firmware1.1
KorenixJetnet 7628x-4f-Us Firmware1.0
KorenixJetnet 7628x-4f-Eu Firmware1.0
KorenixJetnet 7714g-M12 Hvdc Firmware1.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-5347?
An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.
How severe is CVE-2023-5347?
CVE-2023-5347 has a CVSS score of 9.1/10 (CRITICAL severity). The EPSS model estimates a 1.34% probability of exploitation in the next 30 days.
How do I fix CVE-2023-5347?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-5347?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST