Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for ebts_site_controller_firmware by motorola

    CVE-2023-23774 (GCVE-0-2023-23774)

    Vulnerability from nvd – Published: 2023-08-29 08:49 – Updated: 2024-10-03 13:52
    VLAI
    Summary
    Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-248 - An exception is thrown from a function, but it is not caught
    Assigner
    References
    URL Tags
    https://tetraburst.com/ related
    Impacted products
    Vendor Product Version
    Motorola EBTS/MBTS Base Radio Affected: R05.x2.57
    Create a notification for this product.
    motorola ebts_mbts_base_radio Affected: r05.x2.57
        cpe:2.3:a:motorola:ebts_mbts_base_radio:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Midnight Blue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:42:25.878Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "TETRA:BURST",
                "tags": [
                  "related",
                  "x_transferred"
                ],
                "url": "https://tetraburst.com/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:motorola:ebts_mbts_base_radio:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ebts_mbts_base_radio",
                "vendor": "motorola",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r05.x2.57"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T20:36:25.719546Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-01T20:38:30.486Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "EBTS/MBTS Base Radio",
              "vendor": "Motorola",
              "versions": [
                {
                  "status": "affected",
                  "version": "R05.x2.57"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Midnight Blue"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device\u0027s serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C/CR:H/IR:H/AR:M/MAV:L/MAC:L/MPR:N/MUI:N/MS:U/MC:H/MI:H/MA:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "An exception is thrown from a function, but it is not caught",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-03T13:52:17.494Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "name": "TETRA:BURST",
              "tags": [
                "related"
              ],
              "url": "https://tetraburst.com/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-23774",
        "datePublished": "2023-08-29T08:49:32.508Z",
        "dateReserved": "2023-01-17T22:51:43.265Z",
        "dateUpdated": "2024-10-03T13:52:17.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23774 (GCVE-0-2023-23774)

    Vulnerability from cvelistv5 – Published: 2023-08-29 08:49 – Updated: 2024-10-03 13:52
    VLAI
    Summary
    Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-248 - An exception is thrown from a function, but it is not caught
    Assigner
    References
    URL Tags
    https://tetraburst.com/ related
    Impacted products
    Vendor Product Version
    Motorola EBTS/MBTS Base Radio Affected: R05.x2.57
    Create a notification for this product.
    motorola ebts_mbts_base_radio Affected: r05.x2.57
        cpe:2.3:a:motorola:ebts_mbts_base_radio:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Midnight Blue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:42:25.878Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "TETRA:BURST",
                "tags": [
                  "related",
                  "x_transferred"
                ],
                "url": "https://tetraburst.com/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:motorola:ebts_mbts_base_radio:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ebts_mbts_base_radio",
                "vendor": "motorola",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r05.x2.57"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T20:36:25.719546Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-01T20:38:30.486Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "EBTS/MBTS Base Radio",
              "vendor": "Motorola",
              "versions": [
                {
                  "status": "affected",
                  "version": "R05.x2.57"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Midnight Blue"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device\u0027s serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C/CR:H/IR:H/AR:M/MAV:L/MAC:L/MPR:N/MUI:N/MS:U/MC:H/MI:H/MA:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "An exception is thrown from a function, but it is not caught",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-03T13:52:17.494Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "name": "TETRA:BURST",
              "tags": [
                "related"
              ],
              "url": "https://tetraburst.com/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-23774",
        "datePublished": "2023-08-29T08:49:32.508Z",
        "dateReserved": "2023-01-17T22:51:43.265Z",
        "dateUpdated": "2024-10-03T13:52:17.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }