CVE-2023-5376 is an Improper Authentication vulnerability (CWE-306) identified in the TFTP service of Korenix JetNet Series devices. These devices, widely used in industrial networking and automation, run firmware versions prior to 2024/01 that do not enforce authentication for critical TFTP functions. This lack of authentication allows remote attackers to abuse the TFTP service without any privileges or user interaction, potentially modifying device configurations or firmware images. The vulnerability has a CVSS v3.1 base score of 8.6, reflecting its high severity due to network attack vector, low attack complexity, no privileges required, no user interaction, and a scope change. While confidentiality is not impacted, the integrity of device operations can be compromised, which may lead to operational disruptions or facilitate further attacks within industrial control systems or network infrastructure. No public exploits are currently known, but the vulnerability's characteristics make it a prime target for attackers aiming to disrupt or manipulate critical infrastructure components. The issue affects all JetNet devices running firmware older than 2024/01, emphasizing the need for timely firmware updates. The vulnerability was reserved in October 2023 and published in January 2024 by CyberDanube.

For European organizations, especially those operating in industrial automation, manufacturing, transportation, and critical infrastructure sectors, this vulnerability poses a significant risk. Exploitation can lead to unauthorized modification of device firmware or configurations, potentially causing operational disruptions, safety hazards, or enabling lateral movement within networks. Given the widespread use of Korenix JetNet devices in industrial Ethernet applications, compromised devices could affect production lines, traffic control systems, or energy distribution networks. The integrity breach could result in downtime, financial losses, regulatory non-compliance, and reputational damage. Since the vulnerability can be exploited remotely without authentication, attackers can target exposed devices over the internet or less-secure internal networks. The absence of known exploits currently provides a window for mitigation, but the high severity score indicates that the threat could escalate rapidly if exploited in the wild.

1. Immediately inventory all Korenix JetNet devices in your environment and identify firmware versions. 2. Apply firmware updates to version 2024/01 or later as soon as they become available from Korenix. 3. Until patches are deployed, restrict network access to the TFTP service by implementing network segmentation and firewall rules that limit TFTP traffic to trusted management stations only. 4. Monitor network traffic for unusual TFTP activity, which may indicate exploitation attempts. 5. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics targeting unauthorized TFTP usage. 6. Review device configurations and logs regularly to detect unauthorized changes. 7. Engage with Korenix support or vendor advisories for any interim mitigations or updates. 8. Incorporate this vulnerability into risk assessments and incident response plans focused on industrial control systems. 9. Educate operational technology (OT) and IT teams about the risks and signs of exploitation related to this vulnerability.