CRITICAL🇵🇱 Wersja polska

CVE-2023-5347

CVSS 9.8v3.1pub. 2024-01-09upd. 2025-10-08

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.

🤖 AI Analysis
How it works

The firmware update mechanism in Korenix JetNet devices does not properly verify the cryptographic signature of the delivered update package. An attacker can deliver a malicious operating system image that will be accepted and installed without confirming its authenticity. As a result, complete replacement of the device's operating system is possible, including trusted executable files. The network attack vector (AV:N), lack of required privileges (PR:N), and lack of user interaction (UI:N) make it possible for the exploit to be conducted remotely and fully automatically.

Impact

An attacker can gain complete control over the device by installing a malicious operating system, obtaining full access to the confidentiality, integrity, and availability of the device. The consequence could be permanent compromise of network infrastructure based on JetNet series switches.

Mitigation & patch

Korenix JetNet device firmware should be updated to version 2024/01 or newer. Additional information and patches are available from the manufacturer (Beijer Electronics) at the address indicated in the references.

Who is affected

Korenix JetNet Series devices with firmware older than version 2024/01, including models: Korenix Jetnet 5310G, Korenix Jetnet 4508, and Korenix Jetnet 4508I-W.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Korenix Jetnet 4508

    HW
    Korenix
    wszystkie wersje
  • Korenix Jetnet 4508 Firmware

    OS
    Korenix
    2.3
  • Korenix Jetnet 4508f M

    HW
    Korenix
    wszystkie wersje
  • Korenix Jetnet 4508f M Firmware

    OS
    Korenix
    2.3
  • Korenix Jetnet 4508f Mw

    HW
    Korenix
    wszystkie wersje
  • Korenix Jetnet 4508f Mw Firmware

    OS
    Korenix
    2.3
  • Korenix Jetnet 4508f S

    HW
    Korenix
    wszystkie wersje
  • Korenix Jetnet 4508f S Firmware

    OS
    Korenix
    2.3
  • Korenix Jetnet 4508f Sw

    HW
    Korenix
    wszystkie wersje
  • Korenix Jetnet 4508f Sw Firmware

    OS
    Korenix
    2.3
  • Korenix Jetnet 4508if M

    HW
    Korenix
    wszystkie wersje
  • Korenix Jetnet 4508if M Firmware

    OS
    Korenix
    1.3
  • Korenix Jetnet 4508if Mw

    HW
    Korenix
    wszystkie wersje
  • Korenix Jetnet 4508if Mw Firmware

    OS
    Korenix
    1.3
  • Korenix Jetnet 4508if S

    HW
    Korenix
    wszystkie wersje
  • Korenix Jetnet 4508if S Firmware

    OS
    Korenix
    1.3
  • Korenix Jetnet 4508if Sw

    HW
    Korenix
    wszystkie wersje
  • Korenix Jetnet 4508if Sw Firmware

    OS
    Korenix
    1.3
  • Korenix Jetnet 4508i W

    HW
    Korenix
    wszystkie wersje
  • Korenix Jetnet 4508i W Firmware

    OS
    Korenix
    1.3
  • Korenix Jetnet 4508 W

    HW
    Korenix
    wszystkie wersje
  • Korenix Jetnet 4508 W Firmware

    OS
    Korenix
    2.3
  • Korenix Jetnet 5310g

    HW
    Korenix
    wszystkie wersje
  • Korenix Jetnet 5310g Firmware

    OS
    Korenix
    2.6
  • Korenix Jetnet 5612g 4f

    HW
    Korenix
    wszystkie wersje
  • Korenix Jetnet 5612g 4f Firmware

    OS
    Korenix
    1.2
  • Korenix Jetnet 5612gp 4f

    HW
    Korenix
    wszystkie wersje
  • Korenix Jetnet 5612gp 4f Firmware

    OS
    Korenix
    1.2
  • Korenix Jetnet 5620g 4c

    HW
    Korenix
    wszystkie wersje
  • Korenix Jetnet 5620g 4c Firmware

    OS
    Korenix
    1.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2017-14021CRITICAL9.8ten sam produkt

A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet53...

CVE-2017-14027CRITICAL9.8ten sam produkt

A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G ve...

CVE-2023-5376HIGH8.6ten sam produkt

An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affec...

CVE-2020-12501CRITICAL9.8ten sam vendor

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ...

CVE-2020-12504CRITICAL9.8ten sam vendor

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ...