Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for MBTS Site Controller by Motorola

    CVE-2023-23772 (GCVE-0-2023-23772)

    Vulnerability from nvd – Published: 2023-08-29 08:48 – Updated: 2024-10-02 14:00
    VLAI
    Summary
    Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    References
    URL Tags
    https://tetraburst.com/ related
    Impacted products
    Vendor Product Version
    Motorola MBTS Site Controller Affected: R05.32.58
    Create a notification for this product.
    motorola mbts_site_controller Affected: R05.32.58
        cpe:2.3:h:motorola:mbts_site_controller:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Midnight Blue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:42:25.933Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "TETRA:BURST",
                "tags": [
                  "related",
                  "x_transferred"
                ],
                "url": "https://tetraburst.com/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:motorola:mbts_site_controller:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mbts_site_controller",
                "vendor": "motorola",
                "versions": [
                  {
                    "status": "affected",
                    "version": "R05.32.58"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23772",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T13:59:09.175298Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T14:00:09.387Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "MBTS Site Controller",
              "vendor": "Motorola",
              "versions": [
                {
                  "status": "affected",
                  "version": "R05.32.58"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Midnight Blue"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C/CR:H/IR:H/AR:M/MAV:N/MAC:L/MPR:H/MUI:N/MS:U/MC:H/MI:H/MA:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-29T08:48:45.339Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "name": "TETRA:BURST",
              "tags": [
                "related"
              ],
              "url": "https://tetraburst.com/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-23772",
        "datePublished": "2023-08-29T08:48:45.339Z",
        "dateReserved": "2023-01-17T22:51:43.265Z",
        "dateUpdated": "2024-10-02T14:00:09.387Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23770 (GCVE-0-2023-23770)

    Vulnerability from nvd – Published: 2023-08-29 08:47 – Updated: 2024-10-02 14:38
    VLAI
    Summary
    Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-259 - Use of Hard-coded Password
    Assigner
    References
    URL Tags
    https://tetraburst.com/ related
    Impacted products
    Vendor Product Version
    Motorola MBTS Site Controller Affected: R05.32.58
    Create a notification for this product.
    motorola mbts_site_controller Affected: r05.32.58
        cpe:2.3:h:motorola:mbts_site_controller:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Midnight Blue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:42:26.206Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "TETRA:BURST",
                "tags": [
                  "related",
                  "x_transferred"
                ],
                "url": "https://tetraburst.com/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:motorola:mbts_site_controller:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mbts_site_controller",
                "vendor": "motorola",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r05.32.58"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23770",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T14:35:53.927079Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T14:38:55.765Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "MBTS Site Controller",
              "vendor": "Motorola",
              "versions": [
                {
                  "status": "affected",
                  "version": "R05.32.58"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Midnight Blue"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H/E:H/RL:U/RC:C/CR:H/IR:H/AR:M/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:L/MI:H/MA:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-259",
                  "description": "Use of Hard-coded Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-29T08:47:13.848Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "name": "TETRA:BURST",
              "tags": [
                "related"
              ],
              "url": "https://tetraburst.com/"
            }
          ],
          "taxonomyMappings": [
            {
              "taxonomyName": "ATT\u0026CK",
              "taxonomyRelations": [
                {
                  "relationshipName": "mitigated by",
                  "relationshipValue": "M0801",
                  "taxonomyId": "T0891"
                }
              ],
              "taxonomyVersion": "v1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-23770",
        "datePublished": "2023-08-29T08:47:13.848Z",
        "dateReserved": "2023-01-17T22:51:43.265Z",
        "dateUpdated": "2024-10-02T14:38:55.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23772 (GCVE-0-2023-23772)

    Vulnerability from cvelistv5 – Published: 2023-08-29 08:48 – Updated: 2024-10-02 14:00
    VLAI
    Summary
    Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    References
    URL Tags
    https://tetraburst.com/ related
    Impacted products
    Vendor Product Version
    Motorola MBTS Site Controller Affected: R05.32.58
    Create a notification for this product.
    motorola mbts_site_controller Affected: R05.32.58
        cpe:2.3:h:motorola:mbts_site_controller:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Midnight Blue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:42:25.933Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "TETRA:BURST",
                "tags": [
                  "related",
                  "x_transferred"
                ],
                "url": "https://tetraburst.com/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:motorola:mbts_site_controller:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mbts_site_controller",
                "vendor": "motorola",
                "versions": [
                  {
                    "status": "affected",
                    "version": "R05.32.58"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23772",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T13:59:09.175298Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T14:00:09.387Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "MBTS Site Controller",
              "vendor": "Motorola",
              "versions": [
                {
                  "status": "affected",
                  "version": "R05.32.58"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Midnight Blue"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C/CR:H/IR:H/AR:M/MAV:N/MAC:L/MPR:H/MUI:N/MS:U/MC:H/MI:H/MA:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-29T08:48:45.339Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "name": "TETRA:BURST",
              "tags": [
                "related"
              ],
              "url": "https://tetraburst.com/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-23772",
        "datePublished": "2023-08-29T08:48:45.339Z",
        "dateReserved": "2023-01-17T22:51:43.265Z",
        "dateUpdated": "2024-10-02T14:00:09.387Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23770 (GCVE-0-2023-23770)

    Vulnerability from cvelistv5 – Published: 2023-08-29 08:47 – Updated: 2024-10-02 14:38
    VLAI
    Summary
    Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-259 - Use of Hard-coded Password
    Assigner
    References
    URL Tags
    https://tetraburst.com/ related
    Impacted products
    Vendor Product Version
    Motorola MBTS Site Controller Affected: R05.32.58
    Create a notification for this product.
    motorola mbts_site_controller Affected: r05.32.58
        cpe:2.3:h:motorola:mbts_site_controller:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Midnight Blue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:42:26.206Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "TETRA:BURST",
                "tags": [
                  "related",
                  "x_transferred"
                ],
                "url": "https://tetraburst.com/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:motorola:mbts_site_controller:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mbts_site_controller",
                "vendor": "motorola",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r05.32.58"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23770",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T14:35:53.927079Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T14:38:55.765Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "MBTS Site Controller",
              "vendor": "Motorola",
              "versions": [
                {
                  "status": "affected",
                  "version": "R05.32.58"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Midnight Blue"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H/E:H/RL:U/RC:C/CR:H/IR:H/AR:M/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:L/MI:H/MA:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-259",
                  "description": "Use of Hard-coded Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-29T08:47:13.848Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "name": "TETRA:BURST",
              "tags": [
                "related"
              ],
              "url": "https://tetraburst.com/"
            }
          ],
          "taxonomyMappings": [
            {
              "taxonomyName": "ATT\u0026CK",
              "taxonomyRelations": [
                {
                  "relationshipName": "mitigated by",
                  "relationshipValue": "M0801",
                  "taxonomyId": "T0891"
                }
              ],
              "taxonomyVersion": "v1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-23770",
        "datePublished": "2023-08-29T08:47:13.848Z",
        "dateReserved": "2023-01-17T22:51:43.265Z",
        "dateUpdated": "2024-10-02T14:38:55.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }