CVE-2023-4299

moderate-risk
Published 2023-08-31

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

Do I need to act?

-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.0/10 Critical
NETWORK / HIGH complexity

Affected Products (20)

Realport
Realport
Connectport Ts 8\/16 Firmware
Passport Firmware
Connectport Lts 8\/16\/32 Firmware
Cm Firmware
Portserver Ts Firmware
Portserver Ts Mei Firmware
Portserver Ts Mei Hardened Firmware
Portserver Ts M Mei Firmware
Portserver Ts P Mei Firmware
One Iap Firmware
One Ia Firmware
One Sp Ia Firmware
One Sp Firmware
Wr31 Firmware
Transport Wr11 Xt Firmware
Wr44 R Firmware
Wr21 Firmware
Connect Es Firmware

Affected Vendors

Digi

References (4)

Third Party Advisory https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04
Vendor Advisory https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Drago...
Third Party Advisory https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04
Vendor Advisory https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Drago...
46
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 0/34 · Minimal
Exposure 20/34 · Moderate