Vulnerabilites related to etictelecom - remote_access_server_firmware
cve-2023-3453
Vulnerability from cvelistv5
Published
2023-08-23 21:14
Modified
2024-09-30 19:13
Severity ?
EPSS score ?
Summary
ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ETIC Telecom | Remote Access Server (RAS) |
Version: 0 < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:55:03.492Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-3453", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T19:09:13.772804Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T19:13:47.408Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Remote Access Server (RAS)", vendor: "ETIC Telecom", versions: [ { lessThanOrEqual: "4.7.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Haviv Vaizman of OTORIO", }, { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Hay Mizrachi of OTORIO", }, { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Alik Koldobsky of OTORIO", }, { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Ofir Manzur of OTORIO", }, { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Nikolay Sokolik of OTORIO", }, ], datePublic: "2023-07-27T19:05:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.</span>\n\n", }, ], value: "\nETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1188", description: "CWE-1188 Insecure Default Initialization of Resource", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-23T21:14:17.553Z", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Update to <span style=\"background-color: var(--wht);\">ETIC Telecom RAS: </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.etictelecom.com/en/softwares-download/\">version 4.9.0 or later</a>", }, ], value: "Update to ETIC Telecom RAS: version 4.9.0 or later https://www.etictelecom.com/en/softwares-download/ ", }, ], source: { advisory: "ICSA-23-208-01", discovery: "EXTERNAL", }, title: "ETIC Telecom Insecure Default Initialization of Resource", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<p>ETIC Telecom recommends enabling the authentication mechanism on the administration interface. This can be done on the page “> Setup > Security > Administration right” by creating an administrator on the “List of administrators” table, enabling the parameter “Password protect the configuration interface,” then setting the parameter “Protocols to use for configuration” to “HTTPs only”.</p><p>NOTE: for firmware versions 4.9.0 or later, enabling the administration protection is mandatory after the first product start.</p>\n\n<br>", }, ], value: "\nETIC Telecom recommends enabling the authentication mechanism on the administration interface. This can be done on the page “> Setup > Security > Administration right” by creating an administrator on the “List of administrators” table, enabling the parameter “Password protect the configuration interface,” then setting the parameter “Protocols to use for configuration” to “HTTPs only”.\n\nNOTE: for firmware versions 4.9.0 or later, enabling the administration protection is mandatory after the first product start.\n\n\n\n\n", }, ], x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2023-3453", datePublished: "2023-08-23T21:14:17.553Z", dateReserved: "2023-06-28T20:05:19.353Z", dateUpdated: "2024-09-30T19:13:47.408Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40981
Vulnerability from cvelistv5
Published
2022-11-10 21:31
Modified
2024-09-16 23:40
Severity ?
EPSS score ?
Summary
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ETIC Telecom | Remote Access Server (RAS) |
Version: 0 < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:28:42.952Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Remote Access Server (RAS)", vendor: "ETIC Telecom", versions: [ { lessThanOrEqual: "4.5.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Haviv Vaizman, Hay Mizrachi, Alik Koldobsky, Ofir Manzur, and Nikolay Sokolik of OTORIO reported these vulnerabilities to CISA.", }, ], datePublic: "2022-11-03T06:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device.</p>", }, ], value: "All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-434", description: "CWE-434 Unrestricted Upload of File with Dangerous Type", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-23T16:09:26.867Z", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>ETIC Telecom recommends updating the firmware of the affected devices to the following versions:<br></p><ul><li><p>ETIC Telecom RAS: <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.etictelecom.com/en/softwares-download/\">version 4.7.0 or later</a></p></li></ul><p>For the installed devices, ETIC Telecom recommends:</p><ul><li><span style=\"background-color: var(--wht);\">For all firmware versions 4.7.0 and above, only valid configuration files can be uploaded to the device. For versions prior to 4.7.0, to reduce the attack surface, we advise the user to verify in the router configuration that: (1) The administration web page is accessible only through the LAN side over HTTPS, and (2) The administration web page is protected with authentication.</span><br></li></ul>\n\n<br>", }, ], value: "ETIC Telecom recommends updating the firmware of the affected devices to the following versions:\n\n\n * ETIC Telecom RAS: version 4.7.0 or later https://www.etictelecom.com/en/softwares-download/ \n\n\n\n\nFor the installed devices, ETIC Telecom recommends:\n\n * For all firmware versions 4.7.0 and above, only valid configuration files can be uploaded to the device. For versions prior to 4.7.0, to reduce the attack surface, we advise the user to verify in the router configuration that: (1) The administration web page is accessible only through the LAN side over HTTPS, and (2) The administration web page is protected with authentication.", }, ], source: { discovery: "EXTERNAL", }, title: "ETIC Telecom Remote Access Server Unrestricted Upload of File with Dangerous Type", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2022-40981", datePublished: "2022-11-10T21:31:47.402130Z", dateReserved: "2022-09-29T00:00:00", dateUpdated: "2024-09-16T23:40:42.388Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41607
Vulnerability from cvelistv5
Published
2022-11-10 21:31
Modified
2024-10-15 17:13
Severity ?
EPSS score ?
Summary
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ETIC Telecom | Remote Access Server (RAS) |
Version: 0 < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:49:43.447Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-41607", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:09:18.602933Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T17:13:11.103Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Remote Access Server (RAS)", vendor: "ETIC Telecom", versions: [ { lessThanOrEqual: "4.5.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Haviv Vaizman, Hay Mizrachi, Alik Koldobsky, Ofir Manzur, and Nikolay Sokolik of OTORIO reported these vulnerabilities to CISA.", }, ], datePublic: "2022-11-03T06:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.</p>", }, ], value: "All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Path Traversal", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-23T16:09:58.159Z", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>ETIC Telecom recommends updating the firmware of the affected devices to the following versions:<br></p><ul><li><p>ETIC Telecom RAS: <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.etictelecom.com/en/softwares-download/\">version 4.7.0 or later</a></p></li></ul>For the installed devices, ETIC Telecom recommends:<ul><li>This issue has been fixed in version 4.7.0. For versions prior to 4.7.0, to reduce the attack surface, we advise the user to verify in the router configuration that: (1) The administration web page is accessible only through the LAN side over HTTPS, and (2) The administration web page is protected with authentication.</li></ul>\n\n<br>", }, ], value: "ETIC Telecom recommends updating the firmware of the affected devices to the following versions:\n\n\n * ETIC Telecom RAS: version 4.7.0 or later https://www.etictelecom.com/en/softwares-download/ \n\n\n\n\nFor the installed devices, ETIC Telecom recommends: * This issue has been fixed in version 4.7.0. For versions prior to 4.7.0, to reduce the attack surface, we advise the user to verify in the router configuration that: (1) The administration web page is accessible only through the LAN side over HTTPS, and (2) The administration web page is protected with authentication.", }, ], source: { discovery: "EXTERNAL", }, title: "ETIC Telecom Remote Access Server Path Traversal", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2022-41607", datePublished: "2022-11-10T21:31:26.863838Z", dateReserved: "2022-09-29T00:00:00", dateUpdated: "2024-10-15T17:13:11.103Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3703
Vulnerability from cvelistv5
Published
2022-11-10 21:32
Modified
2025-04-16 17:43
Severity ?
EPSS score ?
Summary
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ETIC Telecom | Remote Access Server (RAS) |
Version: 0 < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:20:57.038Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-3703", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-16T17:26:06.575715Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-16T17:43:14.326Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Remote Access Server (RAS)", vendor: "ETIC Telecom", versions: [ { lessThanOrEqual: "4.5.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Haviv Vaizman, Hay Mizrachi, Alik Koldobsky, Ofir Manzur, and Nikolay Sokolik of OTORIO reported these vulnerabilities to CISA", }, ], datePublic: "2022-11-03T06:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.</p>", }, ], value: "All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-345", description: "CWE-345 Insufficient Verification of Data Authenticity", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-23T16:11:43.290Z", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>ETIC Telecom recommends updating the firmware of the affected devices to the following versions:<br></p><ul><li><p>ETIC Telecom RAS: <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.etictelecom.com/en/softwares-download/\">version 4.7.0 or later</a></p></li></ul><p>For the installed devices, ETIC Telecom recommends:</p><ul><li>For all firmware versions 4.7.0 and above, there is a code signature verification for firmware packages. For versions prior to 4.7.0, to reduce the attack surface, we advise the user to verify: (1) That the downloaded firmware comes from a trusted source (ETIC Telecom web site), and (2) The hash of the firmware files.</li></ul>\n\n<br>", }, ], value: "ETIC Telecom recommends updating the firmware of the affected devices to the following versions:\n\n\n * ETIC Telecom RAS: version 4.7.0 or later https://www.etictelecom.com/en/softwares-download/ \n\n\n\n\nFor the installed devices, ETIC Telecom recommends:\n\n * For all firmware versions 4.7.0 and above, there is a code signature verification for firmware packages. For versions prior to 4.7.0, to reduce the attack surface, we advise the user to verify: (1) That the downloaded firmware comes from a trusted source (ETIC Telecom web site), and (2) The hash of the firmware files.", }, ], source: { discovery: "EXTERNAL", }, title: "ETIC Telecom Remote Access Server Insufficient Verification of Data Authenticity", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2022-3703", datePublished: "2022-11-10T21:32:01.836Z", dateReserved: "2022-10-26T00:00:00.000Z", dateUpdated: "2025-04-16T17:43:14.326Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2022-11-10 22:15
Modified
2024-11-21 07:20
Severity ?
7.6 (High) - CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01 | Patch, Third Party Advisory, US Government Resource |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7AE4F7CD-BE37-40B5-9A53-39B42CD17EF5", versionEndIncluding: "4.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "5DAE45DD-78EE-4ACB-A1E5-C190BE642BDF", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*", matchCriteriaId: "93F02AE2-6AC3-492E-9E91-E9F0725A1EEB", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*", matchCriteriaId: "C32ED13F-237B-441C-8032-F54615AEFC73", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*", matchCriteriaId: "86536932-B27A-4028-829D-2924CD431C54", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "52E2D325-0AE3-4459-9F27-5CC19349F060", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "DB8D1AA9-42C0-4546-A02E-91B3D7A8AD4B", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "50EEA797-3218-44FE-8D93-178C40F4BF17", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "E768A79E-BBFD-47C1-8535-1F721D92575C", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "F1D86798-3C5F-40A9-BF41-0602F78A027B", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:*", matchCriteriaId: "D12CC48E-6DAC-4412-9068-04B774540500", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*", matchCriteriaId: "7D7A25F4-412A-4D16-922F-1219B86E31A0", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ew-400:-:*:*:*:*:*:*:*", matchCriteriaId: "32675A39-A1B3-4773-902A-6E6F8A72D16D", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:rfm-e:-:*:*:*:*:*:*:*", matchCriteriaId: "B7543976-5400-4A9E-8E62-CB65FD00D0E1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.", }, { lang: "es", value: "Todas las versiones de ETIC Telecom Remote Access Server (RAS) 4.5.0 y el portal web anterior son vulnerables a aceptar paquetes de firmware maliciosos que podrían proporcionar backdoor a un atacante y proporcionar una escalada de privilegios al dispositivo.", }, ], id: "CVE-2022-3703", lastModified: "2024-11-21T07:20:04.203", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 6, source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-10T22:15:14.647", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-345", }, ], source: "ics-cert@hq.dhs.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-10 22:15
Modified
2024-11-21 07:23
Severity ?
6.2 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01 | Patch, Third Party Advisory, US Government Resource |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7AE4F7CD-BE37-40B5-9A53-39B42CD17EF5", versionEndIncluding: "4.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "5DAE45DD-78EE-4ACB-A1E5-C190BE642BDF", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*", matchCriteriaId: "93F02AE2-6AC3-492E-9E91-E9F0725A1EEB", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*", matchCriteriaId: "C32ED13F-237B-441C-8032-F54615AEFC73", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*", matchCriteriaId: "86536932-B27A-4028-829D-2924CD431C54", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "52E2D325-0AE3-4459-9F27-5CC19349F060", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "DB8D1AA9-42C0-4546-A02E-91B3D7A8AD4B", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "50EEA797-3218-44FE-8D93-178C40F4BF17", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "E768A79E-BBFD-47C1-8535-1F721D92575C", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "F1D86798-3C5F-40A9-BF41-0602F78A027B", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:*", matchCriteriaId: "D12CC48E-6DAC-4412-9068-04B774540500", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*", matchCriteriaId: "7D7A25F4-412A-4D16-922F-1219B86E31A0", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ew-400:-:*:*:*:*:*:*:*", matchCriteriaId: "32675A39-A1B3-4773-902A-6E6F8A72D16D", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:rfm-e:-:*:*:*:*:*:*:*", matchCriteriaId: "B7543976-5400-4A9E-8E62-CB65FD00D0E1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.", }, { lang: "es", value: "Todas las versiones de ETIC Telecom Remote Access Server (RAS) 4.5.0 y la interfaz programable de aplicaciones (API) anterior son vulnerables a directory traversal a través de varios métodos diferentes. Esto podría permitir a un atacante leer archivos confidenciales del servidor, incluidas claves privadas SSH, contraseñas, scripts, objetos Python, archivos de bases de datos y más.", }, ], id: "CVE-2022-41607", lastModified: "2024-11-21T07:23:28.887", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 4, source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-10T22:15:15.323", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "ics-cert@hq.dhs.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-10 22:15
Modified
2024-11-21 07:22
Severity ?
5.9 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01 | Patch, Third Party Advisory, US Government Resource |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7AE4F7CD-BE37-40B5-9A53-39B42CD17EF5", versionEndIncluding: "4.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "5DAE45DD-78EE-4ACB-A1E5-C190BE642BDF", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*", matchCriteriaId: "93F02AE2-6AC3-492E-9E91-E9F0725A1EEB", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*", matchCriteriaId: "C32ED13F-237B-441C-8032-F54615AEFC73", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*", matchCriteriaId: "86536932-B27A-4028-829D-2924CD431C54", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "52E2D325-0AE3-4459-9F27-5CC19349F060", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "DB8D1AA9-42C0-4546-A02E-91B3D7A8AD4B", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "50EEA797-3218-44FE-8D93-178C40F4BF17", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "E768A79E-BBFD-47C1-8535-1F721D92575C", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "F1D86798-3C5F-40A9-BF41-0602F78A027B", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:*", matchCriteriaId: "D12CC48E-6DAC-4412-9068-04B774540500", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*", matchCriteriaId: "7D7A25F4-412A-4D16-922F-1219B86E31A0", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ew-400:-:*:*:*:*:*:*:*", matchCriteriaId: "32675A39-A1B3-4773-902A-6E6F8A72D16D", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:rfm-e:-:*:*:*:*:*:*:*", matchCriteriaId: "B7543976-5400-4A9E-8E62-CB65FD00D0E1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device.", }, { lang: "es", value: "Todas las versiones de ETIC Telecom Remote Access Server (RAS) 4.5.0 y anteriores son vulnerables a la carga de archivos maliciosos. Un atacante podría aprovechar esto para almacenar archivos maliciosos en el servidor, lo que podría anular archivos sensibles y útiles existentes en el sistema de archivos, llenar el disco duro a su máxima capacidad o comprometer el dispositivo afectado o las computadoras con privilegios de nivel de administrador conectados al dispositivo afectado.", }, ], id: "CVE-2022-40981", lastModified: "2024-11-21T07:22:21.110", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 3.7, source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-10T22:15:15.113", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-434", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-434", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-23 22:15
Modified
2024-11-21 08:17
Severity ?
7.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
8.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01 | Patch, Third Party Advisory, US Government Resource |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "418E040C-258B-4D39-AF47-62E801FF6D9A", versionEndIncluding: "4.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "5DAE45DD-78EE-4ACB-A1E5-C190BE642BDF", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*", matchCriteriaId: "93F02AE2-6AC3-492E-9E91-E9F0725A1EEB", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*", matchCriteriaId: "C32ED13F-237B-441C-8032-F54615AEFC73", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*", matchCriteriaId: "86536932-B27A-4028-829D-2924CD431C54", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "52E2D325-0AE3-4459-9F27-5CC19349F060", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "DB8D1AA9-42C0-4546-A02E-91B3D7A8AD4B", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "50EEA797-3218-44FE-8D93-178C40F4BF17", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "E768A79E-BBFD-47C1-8535-1F721D92575C", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:*", matchCriteriaId: "F1D86798-3C5F-40A9-BF41-0602F78A027B", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:*", matchCriteriaId: "D12CC48E-6DAC-4412-9068-04B774540500", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*", matchCriteriaId: "7D7A25F4-412A-4D16-922F-1219B86E31A0", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:ras-ew-400:-:*:*:*:*:*:*:*", matchCriteriaId: "32675A39-A1B3-4773-902A-6E6F8A72D16D", vulnerable: false, }, { criteria: "cpe:2.3:h:etictelecom:rfm-e:-:*:*:*:*:*:*:*", matchCriteriaId: "B7543976-5400-4A9E-8E62-CB65FD00D0E1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.\n\n", }, { lang: "es", value: "La autenticación del portal de gestión en webETIC Telecom RAS versiones 4.7.0 y anteriores está deshabilitada por defecto. Esto podría permitir a un atacante con acceso a la red adyacente alterar la configuración del dispositivo o causar una condición de denegación de servicio.", }, ], id: "CVE-2023-3453", lastModified: "2024-11-21T08:17:18.023", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.7, source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-23T22:15:08.930", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1188", }, ], source: "ics-cert@hq.dhs.gov", type: "Primary", }, ], }