Digi RealPort Protocol Use of Password Hash Instead of Password for Authentication
CVE-2023-4299
9CRITICAL
What is CVE-2023-4299?
The Digi RealPort Protocol contains a security flaw allowing attackers to execute a replay attack. This vulnerability could enable unauthorized users to bypass authentication mechanisms, thereby gaining inappropriate access to connected equipment. It is crucial for users and administrators to assess their security postures and implement protective measures against this potential exploit.
Affected Version(s)
Digi CM Console Server all versions
Digi Connect ES 0 < 2.26.2.4
Digi Connect SP all versions
References
CVSS V3.1
Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Reid Wightman of Dragos, Inc reported this vulnerability to Digi International.
