CVE-2023-23770 — CRITICAL (9.4)

Vulnerability Description

Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled.

CVSS Score

9.4

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Motorola	Mbts Site Controller Firmware	r05.32.58
Motorola	Mbts Site Controller	-

Related Weaknesses (CWE)

CWE-798 CWE-259

References

https://tetraburst.com/Not Applicable
https://tetraburst.com/Not Applicable

FAQ

What is CVE-2023-23770?

CVE-2023-23770 is a vulnerability with a CVSS score of 9.4 (CRITICAL). Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device...

How severe is CVE-2023-23770?

CVE-2023-23770 has been rated CRITICAL with a CVSS base score of 9.4/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-23770?

Check the references section above for vendor advisories and patch information. Affected products include: Motorola Mbts Site Controller Firmware, Motorola Mbts Site Controller.