CVE-2023-23774

CVE Database · CVE-2023-23774

CVE-2023-23774

· HIGHModified

CVSS v3.1

8.4

EPSS

0.20%

Published

Aug 29, 2023

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-248CWE-755

Affected Products (4)

motorola · ebts_site_controller_firmwarevulnerable

motorola · ebts_site_controller

motorola · mbts_site_controller_firmwarevulnerable

motorola · mbts_site_controller

References (2)

https://tetraburst.com/

Not Applicable

https://tetraburst.com/

Not Applicable

KEV Catalog EPSS Scores Vendors All CVEs