CVE-2023-23773 - Vulnerability Details - OpenCVE

Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00029.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Motorola	Ebts Base Radio Ebts Base Radio Firmware Ebts Mbts Base Radio Mbts Base Radio Mbts Base Radio Firmware

Configuration 1 [-]

AND

cpe:2.3:o:motorola:ebts_base_radio_firmware:r05.x2.57:*:*:*:*:*:*:*

cpe:2.3:h:motorola:ebts_base_radio:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:motorola:mbts_base_radio_firmware:r05.x2.57:*:*:*:*:*:*:*

cpe:2.3:h:motorola:mbts_base_radio:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-27859	Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://tetraburst.com/

History

Tue, 01 Oct 2024 21:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Motorola ebts Mbts Base Radio
CPEs		cpe:2.3:a:motorola:ebts_mbts_base_radio::::::::
Vendors & Products		Motorola ebts Mbts Base Radio
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: NCSC-NL

Published: 2023-08-29T08:49:00.979Z

Updated: 2024-10-01T20:39:57.051Z

Reserved: 2023-01-17T22:51:43.265Z

Link: CVE-2023-23773

Vulnrichment

Updated: 2024-08-02T10:42:25.883Z

NVD

Status : Modified

Published: 2023-08-29T09:15:09.330

Modified: 2024-11-21T07:46:48.100

Link: CVE-2023-23773

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-23773", "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39", "state": "PUBLISHED", "assignerShortName": "NCSC-NL", "dateReserved": "2023-01-17T22:51:43.265Z", "datePublished": "2023-08-29T08:49:00.979Z", "dateUpdated": "2024-10-01T20:39:57.051Z"}, "containers": {"cna": {"affected": [{"vendor": "Motorola", "product": "EBTS/MBTS Base Radio", "versions": [{"version": "R05.x2.57", "status": "affected"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-347", "description": "Improper Verification of Cryptographic Signature", "type": "CWE"}]}], "providerMetadata": {"orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39", "shortName": "NCSC-NL", "dateUpdated": "2023-08-29T08:49:00.979Z"}, "references": [{"name": "TETRA:BURST", "tags": ["related"], "url": "https://tetraburst.com/"}], "credits": [{"lang": "en", "value": "Midnight Blue", "type": "finder"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C/CR:H/IR:H/AR:M/MAV:N/MAC:L/MPR:H/MUI:N/MS:U/MC:H/MI:H/MA:H"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:42:25.883Z"}, "title": "CVE Program Container", "references": [{"name": "TETRA:BURST", "tags": ["related", "x_transferred"], "url": "https://tetraburst.com/"}]}, {"affected": [{"vendor": "motorola", "product": "ebts_mbts_base_radio", "cpes": ["cpe:2.3:a:motorola:ebts_mbts_base_radio:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "r05.x2.57", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-01T20:39:07.414372Z", "id": "CVE-2023-23773", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-01T20:39:57.051Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tetraburst.com/", "name": "TETRA:BURST", "tags": ["related", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:42:25.883Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-23773", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-01T20:39:07.414372Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:motorola:ebts_mbts_base_radio:*:*:*:*:*:*:*:*"], "vendor": "motorola", "product": "ebts_mbts_base_radio", "versions": [{"status": "affected", "version": "r05.x2.57"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-01T20:39:51.802Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Midnight Blue"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C/CR:H/IR:H/AR:M/MAV:N/MAC:L/MPR:H/MUI:N/MS:U/MC:H/MI:H/MA:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Motorola", "product": "EBTS/MBTS Base Radio", "versions": [{"status": "affected", "version": "R05.x2.57"}], "defaultStatus": "unknown"}], "references": [{"url": "https://tetraburst.com/", "name": "TETRA:BURST", "tags": ["related"]}], "descriptions": [{"lang": "en", "value": "Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-347", "description": "Improper Verification of Cryptographic Signature"}]}], "providerMetadata": {"orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39", "shortName": "NCSC-NL", "dateUpdated": "2023-08-29T08:49:00.979Z"}}}, "cveMetadata": {"cveId": "CVE-2023-23773", "state": "PUBLISHED", "dateUpdated": "2024-10-01T20:39:57.051Z", "dateReserved": "2023-01-17T22:51:43.265Z", "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39", "datePublished": "2023-08-29T08:49:00.979Z", "assignerShortName": "NCSC-NL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:motorola:ebts_base_radio_firmware:r05.x2.57:*:*:*:*:*:*:*", "matchCriteriaId": "B1DB9FFD-308A-43F3-A646-17FBBA5BEB23", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:motorola:ebts_base_radio:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B397BB8-D7B1-468B-9CA9-63E1E34740D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:motorola:mbts_base_radio_firmware:r05.x2.57:*:*:*:*:*:*:*", "matchCriteriaId": "07A9EA39-6C38-4A3E-9628-AD39FE659018", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:motorola:mbts_base_radio:-:*:*:*:*:*:*:*", "matchCriteriaId": "92E15ED3-0448-4EE1-AE81-EDB533C24A70", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device."}, {"lang": "es", "value": "La radio base Motorola EBTS/MBTS no puede verificar la autenticidad del firmware. La radio base MBTS de Motorola carece de validaci\u00f3n de firma criptogr\u00e1fica para los paquetes de actualizaci\u00f3n de firmware, lo que permite a un atacante autenticado obtener la ejecuci\u00f3n de c\u00f3digo arbitrario, extraer material de clave secreta y/o dejar un implante persistente en el dispositivo."}], "id": "CVE-2023-23773", "lastModified": "2024-11-21T07:46:48.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "cert@ncsc.nl", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-29T09:15:09.330", "references": [{"source": "cert@ncsc.nl", "tags": ["Not Applicable"], "url": "https://tetraburst.com/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://tetraburst.com/"}], "sourceIdentifier": "cert@ncsc.nl", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "cert@ncsc.nl", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-347"}], "source": "nvd@nist.gov", "type": "Primary"}]}