CVE-2023-4299
Digi RealPort Protocol Use of Password Hash Instead of Password for Authentication
Severity Score: 8.1 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.
*Credits:
Reid Wightman of Dragos, Inc reported this vulnerability to Digi International.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision: -
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-08-10 CVE Reserved
- 2023-08-31 CVE Published
- 2024-08-02 CVE Updated
- 2024-10-02 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-836: Use of Password Hash Instead of Password for Authentication
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04 | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Digi | Connectport Ts 8/16 Firmware | < 2.26.2.4 | - | Affected | in | Digi | Connectport Ts 8/16 | - | - | Safe |
Digi | Passport Firmware | - | - | Affected | in | Digi | Passport | - | - | Safe |
Digi | Connectport Lts 8/16/32 Firmware | < 1.4.9 | - | Affected | in | Digi | Connectport Lts 8/16/32 | - | - | Safe |
Digi | Cm Firmware | - | - | Affected | in | Digi | Cm | - | - | Safe |
Digi | Portserver Ts Firmware | - | - | Affected | in | Digi | Portserver Ts | - | - | Safe |
Digi | Portserver Ts Mei Firmware | - | - | Affected | in | Digi | Portserver Ts Mei | - | - | Safe |
Digi | Portserver Ts Mei Hardened Firmware | - | - | Affected | in | Digi | Portserver Ts Mei Hardened | - | - | Safe |
Digi | Portserver Ts M Mei Firmware | - | - | Affected | in | Digi | Portserver Ts M Mei | - | - | Safe |
Digi | Portserver Ts P Mei Firmware | - | - | Affected | in | Digi | Portserver Ts P Mei | - | - | Safe |
Digi | One Iap Firmware | - | - | Affected | in | Digi | One Iap | - | - | Safe |
Digi | One Ia Firmware | - | - | Affected | in | Digi | One Ia | - | - | Safe |
Digi | One Sp Ia Firmware | - | - | Affected | in | Digi | One Sp Ia | - | - | Safe |
Digi | One Sp Firmware | - | - | Affected | in | Digi | One Sp | - | - | Safe |
Digi | Wr31 Firmware | - | - | Affected | in | Digi | Wr31 | - | - | Safe |
Digi | Transport Wr11 Xt Firmware | - | - | Affected | in | Digi | Transport Wr11 Xt | - | - | Safe |
Digi | Wr44 R Firmware | - | - | Affected | in | Digi | Wr44 R | - | - | Safe |
Digi | Wr21 Firmware | - | - | Affected | in | Digi | Wr21 | - | - | Safe |
Digi | Connect Es Firmware | < 2.26.2.4 | - | Affected | in | Digi | Connect Es | - | - | Safe |
Digi | Connect Sp Firmware | - | - | Affected | in | Digi | Connect Sp | - | - | Safe |
Digi | Realport | <= 1.9-40 | linux | Affected | | | | | | |
Digi | Realport | <= 4.8.488.0 | windows | Affected | | | | | | |