{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-5347","assignerOrgId":"7d092a75-6bbd-48c6-a15a-0297458009bc","state":"PUBLISHED","assignerShortName":"CyberDanube","dateReserved":"2023-10-03T08:11:00.343Z","datePublished":"2024-01-09T09:54:59.664Z","dateUpdated":"2025-10-08T09:10:00.840Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","product":"JetNet Series","vendor":"Korenix","versions":[{"status":"affected","version":"firmware older than 2024/01"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"S. Dietz (CyberDanube)"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables.&nbsp;<span style=\"background-color: var(--wht);\">This issue affects JetNet devices older than firmware version 2024/01.</span>"}],"value":"An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01."}],"impacts":[{"capecId":"CAPEC-558","descriptions":[{"lang":"en","value":"CAPEC-558 Replace Trusted Executable"}]},{"capecId":"CAPEC-552","descriptions":[{"lang":"en","value":"CAPEC-552 Install Rootkit"}]},{"capecId":"CAPEC-642","descriptions":[{"lang":"en","value":"CAPEC-642 Replace Binaries"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-347","description":"CWE-347 Improper Verification of Cryptographic Signature","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-327","description":"CWE-327 Use of a Broken or Risky Cryptographic Algorithm","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d092a75-6bbd-48c6-a15a-0297458009bc","shortName":"CyberDanube","dateUpdated":"2025-10-08T09:10:00.840Z"},"references":[{"url":"https://www.beijerelectronics.com/en/support/Help___online?docId=69947"},{"url":"https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/11"},{"url":"http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html"}],"source":{"discovery":"EXTERNAL"},"title":"Unauthenticated Firmware Upgrade","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"See:&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://www.beijerelectronics.com/en/support/Help___online?docId=69947\">https://www.beijerelectronics.com/en/support/Help___online?docId=69947</a>"}],"value":"See:  https://www.beijerelectronics.com/en/support/Help___online?docId=69947"}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T07:52:08.584Z"},"title":"CVE Program Container","references":[{"url":"https://www.beijerelectronics.com/en/support/Help___online?docId=69947","tags":["x_transferred"]},{"url":"https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/","tags":["x_transferred"]},{"url":"http://seclists.org/fulldisclosure/2024/Jan/11","tags":["x_transferred"]},{"url":"http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-08T15:33:17.516940Z","id":"CVE-2023-5347","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-03T14:33:02.608Z"}}]}}