Detections
Analytics

Teltonika Remote Management System and RUT Model Routers External Control of System or Configuration Setting (CVE-2023-32349)

high Tenable OT Security Plugin ID 502647

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Version 00.07.03.4 and prior of Teltonika's RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Teltonika recommends users update their devices to the latest versions.

- RMS services have already been updated to versions, which fix these vulnerabilities.
- Users can download the latest version of their respective RUT routers by navigating to the appropriate device on Teltonika’s website.

See Also

https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08

Plugin Details

Severity: High

ID: 502647

Version: 1.3

Type: remote

Family: Tenable.ot

Published: 10/17/2024

Updated: 10/18/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-32349

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:teltonika-networks:rut100_firmware, cpe:/o:teltonika-networks:rutm50_firmware, cpe:/o:teltonika-networks:rutx50_firmware, cpe:/o:teltonika-networks:otd140_firmware, cpe:/o:teltonika-networks:rut300_firmware, cpe:/o:teltonika-networks:rutm_firmware, cpe:/o:teltonika-networks:rutx_firmware, cpe:/o:teltonika-networks:rutc50_firmware, cpe:/o:teltonika-networks:rut200_firmware, cpe:/o:teltonika-networks:tcr100_firmware, cpe:/o:teltonika-networks:rut900_firmware

Required KB Items: Tenable.ot/Teltonika

Exploit Ease: No known exploits are available

Patch Publication Date: 5/22/2023

Vulnerability Publication Date: 5/22/2023

Reference Information

CVE: CVE-2023-32349

CWE: 15

ICSA: 23-131-08