CVE-2023-4299

Published: Aug 31, 2023

Modified: Jan 16, 2025

PUBLISHED

CVSS v3.1

9.0

CRITICAL

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

Vendor	Product	Versions
Digi International	Digi RealPort	affected `0 - <= 4.8.488.0`
Digi International	Digi RealPort	affected `0 - <= 1.9-40`
Digi International	Digi ConnectPort TS 8/16	affected `0 - < 2.26.2.4`
Digi International	Digi Passport Console Server	affected `all versions`
Digi International	Digi ConnectPort LTS 8/16/32	affected `0 - < 1.4.9`
Digi International	Digi CM Console Server	affected `all versions`
Digi International	Digi PortServer TS	affected `all versions`
Digi International	Digi PortServer TS MEI	affected `all versions`
Digi International	Digi PortServer TS MEI Hardened	affected `all versions`
Digi International	Digi PortServer TS M MEI	affected `all versions`
Digi International	Digi PortServer TS P MEI	affected `all versions`
Digi International	Digi One IAP Family	affected `all versions`
Digi International	Digi One IA	affected `all versions`
Digi International	Digi One SP IA	affected `all versions`
Digi International	Digi One SP	affected `all versions`
Digi International	Digi WR31	affected `all versions`
Digi International	Digi WR11 XT	affected `all versions`
Digi International	Digi WR44 R	affected `all versions`
Digi International	Digi WR21	affected `all versions`
Digi International	Digi Connect ES	affected `0 - < 2.26.2.4`
Digi International	Digi Connect SP	affected `all versions`
Digi International	Digi 6350-SR	unaffected `all versions`
Digi International	Digi ConnectCore 8X products	unaffected `all versions`

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.