A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00051.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Telit Subscribe
Bgs5 Subscribe
Bgs5 Firmware Subscribe
Ehs5 Subscribe
Ehs5 Firmware Subscribe
Ehs6 Subscribe
Ehs6 Firmware Subscribe
Ehs8 Subscribe
Ehs8 Firmware Subscribe
Els61 Subscribe
Els61 Firmware Subscribe
Els81 Subscribe
Els81 Firmware Subscribe
Pds5 Subscribe
Pds5 Firmware Subscribe
Pds6 Subscribe
Pds6 Firmware Subscribe
Pds8 Subscribe
Pds8 Firmware Subscribe
Pls62 Subscribe
Pls62 Firmware Subscribe

Configuration 1 [-]

AND
cpe:2.3:o:telit:bgs5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:bgs5:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:telit:ehs5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs5:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:telit:ehs6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs6:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:telit:ehs8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs8:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:telit:pds5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds5:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:telit:pds6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds6:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:telit:pds8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds8:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:telit:els61_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:els61:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:telit:els81_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:els81:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:telit:pls62_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pls62:-:*:*:*:*:*:*:*

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2023-51724 A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system.
Fixes

Solution

No solution given by the vendor.

Workaround

Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device.

References
Link Providers
https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-211-telit-cinterion-thales-gemalto-modules-relative-path-traversal/ cve-icon cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Kaspersky

Published:

Updated: 2024-09-03T19:34:58.071Z

Reserved: 2023-11-07T10:06:48.689Z

Link: CVE-2023-47613

cve-icon Vulnrichment

Updated: 2024-08-02T21:09:37.374Z

cve-icon NVD

Status : Modified

Published: 2023-11-09T07:15:07.310

Modified: 2024-11-21T08:30:31.523

Link: CVE-2023-47613

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses