{"api_version":"1","generated_at":"2026-04-23T06:21:00+00:00","cve":"CVE-2023-23772","urls":{"html":"https://cve.report/CVE-2023-23772","api":"https://cve.report/api/cve/CVE-2023-23772.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-23772","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-23772"},"summary":{"title":"CVE-2023-23772","description":"Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.","state":"PUBLIC","assigner":"cert@ncsc.nl","published_at":"2023-08-29 09:15:00","updated_at":"2023-11-07 04:07:00"},"problem_types":["CWE-347"],"metrics":[],"references":[{"url":"https://tetraburst.com/","name":"https://tetraburst.com/","refsource":"MISC","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-23772","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23772","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"23772","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"motorola","cpe5":"mbts_site_controller","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"23772","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"motorola","cpe5":"mbts_site_controller_firmware","cpe6":"r05.32.58","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-23772","ASSIGNER":"cert@ncsc.nl","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Improper Verification of Cryptographic Signature","cweId":"CWE-347"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Motorola","product":{"product_data":[{"product_name":"MBTS Site Controller","version":{"version_data":[{"version_affected":"=","version_value":"R05.32.58"}]}}]}}]}},"references":{"reference_data":[{"url":"https://tetraburst.com/","refsource":"MISC","name":"https://tetraburst.com/"}]},"credits":[{"lang":"en","value":"Midnight Blue"}],"impact":{"cvss":[{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C/CR:H/IR:H/AR:M/MAV:N/MAC:L/MPR:H/MUI:N/MS:U/MC:H/MI:H/MA:H"}]}},"nvd":{"publishedDate":"2023-08-29 09:15:00","lastModifiedDate":"2023-11-07 04:07:00","problem_types":["CWE-347"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:motorola:mbts_site_controller_firmware:r05.32.58:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:motorola:mbts_site_controller:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}