Digi RealPort Protocol Use of Password Hash Instead of Password for Authentication
CVE-2023-4299

9CRITICAL

What is CVE-2023-4299?

The Digi RealPort Protocol contains a security flaw allowing attackers to execute a replay attack. This vulnerability could enable unauthorized users to bypass authentication mechanisms, thereby gaining inappropriate access to connected equipment. It is crucial for users and administrators to assess their security postures and implement protective measures against this potential exploit.

Affected Version(s)

Digi CM Console Server all versions

Digi Connect ES 0 < 2.26.2.4

Digi Connect SP all versions

References

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Reid Wightman of Dragos, Inc reported this vulnerability to Digi International.
.