An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.
The firmware update mechanism in Korenix JetNet devices does not properly verify the cryptographic signature of the delivered update package. An attacker can deliver a malicious operating system image that will be accepted and installed without confirming its authenticity. As a result, complete replacement of the device's operating system is possible, including trusted executable files. The network attack vector (AV:N), lack of required privileges (PR:N), and lack of user interaction (UI:N) make it possible for the exploit to be conducted remotely and fully automatically.
An attacker can gain complete control over the device by installing a malicious operating system, obtaining full access to the confidentiality, integrity, and availability of the device. The consequence could be permanent compromise of network infrastructure based on JetNet series switches.
Korenix JetNet device firmware should be updated to version 2024/01 or newer. Additional information and patches are available from the manufacturer (Beijer Electronics) at the address indicated in the references.
Korenix JetNet Series devices with firmware older than version 2024/01, including models: Korenix Jetnet 5310G, Korenix Jetnet 4508, and Korenix Jetnet 4508I-W.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HKorenix Jetnet 4508
HWKorenixwszystkie wersjeKorenix Jetnet 4508 Firmware
OSKorenix2.3Korenix Jetnet 4508f M
HWKorenixwszystkie wersjeKorenix Jetnet 4508f M Firmware
OSKorenix2.3Korenix Jetnet 4508f Mw
HWKorenixwszystkie wersjeKorenix Jetnet 4508f Mw Firmware
OSKorenix2.3Korenix Jetnet 4508f S
HWKorenixwszystkie wersjeKorenix Jetnet 4508f S Firmware
OSKorenix2.3Korenix Jetnet 4508f Sw
HWKorenixwszystkie wersjeKorenix Jetnet 4508f Sw Firmware
OSKorenix2.3Korenix Jetnet 4508if M
HWKorenixwszystkie wersjeKorenix Jetnet 4508if M Firmware
OSKorenix1.3Korenix Jetnet 4508if Mw
HWKorenixwszystkie wersjeKorenix Jetnet 4508if Mw Firmware
OSKorenix1.3Korenix Jetnet 4508if S
HWKorenixwszystkie wersjeKorenix Jetnet 4508if S Firmware
OSKorenix1.3Korenix Jetnet 4508if Sw
HWKorenixwszystkie wersjeKorenix Jetnet 4508if Sw Firmware
OSKorenix1.3Korenix Jetnet 4508i W
HWKorenixwszystkie wersjeKorenix Jetnet 4508i W Firmware
OSKorenix1.3Korenix Jetnet 4508 W
HWKorenixwszystkie wersjeKorenix Jetnet 4508 W Firmware
OSKorenix2.3Korenix Jetnet 5310g
HWKorenixwszystkie wersjeKorenix Jetnet 5310g Firmware
OSKorenix2.6Korenix Jetnet 5612g 4f
HWKorenixwszystkie wersjeKorenix Jetnet 5612g 4f Firmware
OSKorenix1.2Korenix Jetnet 5612gp 4f
HWKorenixwszystkie wersjeKorenix Jetnet 5612gp 4f Firmware
OSKorenix1.2Korenix Jetnet 5620g 4c
HWKorenixwszystkie wersjeKorenix Jetnet 5620g 4c Firmware
OSKorenix1.1
Related vulnerabilities
A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet53...
A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G ve...
An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affec...
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ...
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ...