CVE-2023-36611
Summary
| CVE | CVE-2023-36611 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-07-03 21:15:00 UTC |
| Updated | 2023-07-07 21:40:00 UTC |
| Description | The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens. |
Risk And Classification
Problem Types: CWE-285
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Ovarro | Tbox Lt2 | - | All | All | All |
| Operating System | Ovarro | Tbox Lt2 Firmware | All | All | All | All |
| Hardware | Ovarro | Tbox Ms-cpu32 | - | All | All | All |
| Hardware | Ovarro | Tbox Ms-cpu32-s2 | - | All | All | All |
| Operating System | Ovarro | Tbox Ms-cpu32-s2 Firmware | All | All | All | All |
| Operating System | Ovarro | Tbox Ms-cpu32 Firmware | All | All | All | All |
| Hardware | Ovarro | Tbox Rm2 | - | All | All | All |
| Operating System | Ovarro | Tbox Rm2 Firmware | All | All | All | All |
| Hardware | Ovarro | Tbox Tg2 | - | All | All | All |
| Operating System | Ovarro | Tbox Tg2 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Ovarro TBox RTUs | CISA | MISC | www.cisa.gov | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.