CVE-2023-4299 — CRITICAL (9.0)

Q: What is CVE-2023-4299?

CVE-2023-4299 is a vulnerability with a CVSS score of 9.0 (CRITICAL). Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

Q: How severe is CVE-2023-4299?

CVE-2023-4299 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2023-4299?

Check the references section above for vendor advisories and patch information. Affected products include: Digi Realport, Digi Connectport Ts 8\/16 Firmware, Digi Connectport Ts 8\/16, Digi Passport Firmware, Digi Passport.

Vulnerability Description

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

CVSS Score

9.0

CRITICAL

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Digi	Realport	<= 1.9-40
Digi	Connectport Ts 8\/16 Firmware	< 2.26.2.4
Digi	Connectport Ts 8\/16	-
Digi	Passport Firmware	-
Digi	Passport	-
Digi	Connectport Lts 8\/16\/32 Firmware	< 1.4.9
Digi	Connectport Lts 8\/16\/32	-
Digi	Cm Firmware	-
Digi	Cm	-
Digi	Portserver Ts Firmware	-
Digi	Portserver Ts	-
Digi	Portserver Ts Mei Firmware	-
Digi	Portserver Ts Mei	-
Digi	Portserver Ts Mei Hardened Firmware	-
Digi	Portserver Ts Mei Hardened	-
Digi	Portserver Ts M Mei Firmware	-
Digi	Portserver Ts M Mei	-
Digi	Portserver Ts P Mei Firmware	-
Digi	Portserver Ts P Mei	-
Digi	One Iap Firmware	-

Related Weaknesses (CWE)

CWE-836

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04Third Party AdvisoryUS Government Resource
https://www.digi.com/getattachment/resources/security/alerts/realport-cves/DragoVendor Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04Third Party AdvisoryUS Government Resource
https://www.digi.com/getattachment/resources/security/alerts/realport-cves/DragoVendor Advisory

FAQ

What is CVE-2023-4299?

CVE-2023-4299 is a vulnerability with a CVSS score of 9.0 (CRITICAL). Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

How severe is CVE-2023-4299?

CVE-2023-4299 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-4299?

Check the references section above for vendor advisories and patch information. Affected products include: Digi Realport, Digi Connectport Ts 8\/16 Firmware, Digi Connectport Ts 8\/16, Digi Passport Firmware, Digi Passport.