What is CVE-2023-2586?

CVE-2023-2586 is a critical-severity vulnerability in Teltonika Remote Management System, classified under Improper Authentication. CVSS score: 9.0/10. Published 2023-05-22.

How severe is CVE-2023-2586?

Critical severity. CVSS v3 base score is 9.0 out of 10.

Auth bypass in Teltonika Remote Management System

CVE-2023-2586

Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the "RMS management feature" enabled by defa…

Vulnerability class: Broken Authentication

EPSS: 0.009 (75.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Teltonika Remote Management System — versions 0

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 (government-resource)

Frequently asked questions

What is CVE-2023-2586?: CVE-2023-2586 is a critical-severity vulnerability in Teltonika Remote Management System, classified under Improper Authentication. CVSS score: 9.0/10. Published 2023-05-22.
How severe is CVE-2023-2586?: Critical severity. CVSS v3 base score is 9.0 out of 10.