CVE-2023-0344

9.1 CRITICAL

📋 TL;DR

Akuvox E11 devices use a custom Dropbear SSH server with an insecure option not present in official versions, potentially allowing unauthorized access. This affects Akuvox E11 devices running vulnerable firmware versions. The vulnerability could enable attackers to bypass authentication mechanisms.

💻 Affected Systems

Products:
  • Akuvox E11
Versions: Specific vulnerable versions not specified in CVE description; likely multiple firmware versions
Operating Systems: Embedded Linux (custom)
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the custom Dropbear SSH implementation used by Akuvox E11 devices.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing remote code execution, credential theft, and lateral movement within the network.

🟠 Likely Case

Unauthorized SSH access leading to device configuration changes, data exfiltration, or use as a pivot point for further attacks.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH - SSH servers exposed to the internet are directly vulnerable to exploitation attempts.
🏢 Internal Only: MEDIUM - Internal attackers or compromised devices could exploit this vulnerability within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The insecure option likely enables authentication bypass or other security weaknesses in the SSH server implementation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in CVE description; check vendor advisory

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-23-068-01

Restart Required: Yes

Instructions:

1. Check CISA advisory ICSA-23-068-01 for vendor updates.
2. Contact Akuvox for patched firmware.
3. Apply firmware update following vendor instructions.
4. Restart device after update.

🔧 Temporary Workarounds

Disable SSH Access (linux)

Disable the SSH service on affected devices if it is not required for operations.

Command: not provided here; the command to disable the SSH service is specific to the Akuvox E11 firmware.

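Network Access Control (linux)

Restrict SSH access to trusted IP addresses only. Replace [trusted_ip] with the address of the management host. The rules are evaluated in order, so the ACCEPT rule must be added before the DROP rule.

iptables -A INPUT -p tcp --dport 22 -s [trusted_ip] -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP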

🧯 If You Can't Patch

  • Isolate affected devices in separate network segments with strict firewall rules
  • Implement network monitoring and intrusion detection for SSH traffic anomalies

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against vendor advisory; test SSH authentication with known vulnerable configurations

Check Version:

ssh admin@device_ip 'cat /etc/version' or device-specific version command

Verify Fix Applied:

Verify that the firmware version matches the patched version from the vendor; confirm that SSH authentication attempts using previously working exploit methods now fail

📡 Detection & Monitoring

Log Indicators:

  • Failed SSH authentication attempts from unexpected sources
  • Successful SSH logins from unknown IP addresses
  • SSH configuration changes

Network Indicators:

  • Unusual SSH traffic patterns
  • SSH connections from unexpected geographic locations
  • Multiple SSH authentication attempts

SIEM Query:

source="ssh_logs" AND (event="authentication failure" OR event="accepted password") | stats count by src_ip
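
The log indicators above can also be checked offline against exported syslog. The following is an added example, not code from the vendor or the advisory: it assumes stock Dropbear message wording (the custom Akuvox build may log differently), and the function name `triage`, the allowlist and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: stock Dropbear syslog wording; a vendor build may log differently.
EVENT_RE = re.compile(
    r"dropbear\[\d+\]: (?P<msg>Bad password attempt|Login attempt for nonexistent user|"
    r"Password auth succeeded|Pubkey auth succeeded)"
    r".*?from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+"
)

def triage(lines, trusted_nets, fail_threshold=3):
    """Return (alert_type, source_ip) tuples in log order."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    failures = Counter()
    alerts = []
    for line in lines:
        m = EVENT_RE.search(line)
        if m is None:
            continue  # not an authentication event (e.g. "Child connection")
        src = m.group("ip")
        if "succeeded" in m.group("msg"):
            # Any login from outside the management allowlist is suspect.
            if not any(ipaddress.ip_address(src) in net for net in trusted):
                alerts.append(("untrusted_login", src))
        else:
            failures[src] += 1
            if failures[src] == fail_threshold:  # alert once per source
                alerts.append(("repeated_failures", src))
    return alerts

# Constructed sample lines; hostnames, users and addresses are illustrative only.
SAMPLE = [
    "Mar  9 10:00:01 E11 dropbear[411]: Child connection from 10.20.0.5:50112",
    "Mar  9 10:00:03 E11 dropbear[411]: Password auth succeeded for 'admin' from 10.20.0.5:50112",
    "Mar  9 10:04:10 E11 dropbear[420]: Bad password attempt for 'root' from 198.51.100.7:40001",
    "Mar  9 10:04:12 E11 dropbear[421]: Bad password attempt for 'root' from 198.51.100.7:40002",
    "Mar  9 10:04:14 E11 dropbear[422]: Login attempt for nonexistent user from 198.51.100.7:40003",
    "Mar  9 10:09:30 E11 dropbear[430]: Pubkey auth succeeded for 'root' with key sha256 AAAA from 203.0.113.9:51515",
]

if __name__ == "__main__":
    for alert in triage(SAMPLE, ["10.20.0.0/24"]):
        print(alert)
```

The allowlist passed to `triage` should match the trusted addresses used in the iptables workaround, so that a login the firewall should have blocked stands out.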
