cve-2022-41607
Vulnerability from cvelistv5
Published
2022-11-10 21:31
Modified
2024-10-15 17:13
Severity ?
6.2 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
EPSS score ?
0.17% (0.3912)
Summary
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.
References
ics-cert@hq.dhs.govhttps://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01Patch, Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
ETIC Telecom Remote Access Server (RAS) Version: 0   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T12:49:43.447Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-41607",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-15T17:09:18.602933Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-15T17:13:11.103Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Remote Access Server (RAS)",
               vendor: "ETIC Telecom",
               versions: [
                  {
                     lessThanOrEqual: "4.5.0",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Haviv Vaizman, Hay Mizrachi, Alik Koldobsky, Ofir Manzur, and Nikolay Sokolik of OTORIO reported these vulnerabilities to CISA.",
            },
         ],
         datePublic: "2022-11-03T06:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.</p>",
                  },
               ],
               value: "All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.2,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-22",
                     description: "CWE-22 Path Traversal",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-08-23T16:09:58.159Z",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01",
            },
         ],
         solutions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>ETIC Telecom recommends updating the firmware of the affected devices to the following versions:<br></p><ul><li><p>ETIC Telecom RAS: <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.etictelecom.com/en/softwares-download/\">version 4.7.0 or later</a></p></li></ul>For the installed devices, ETIC Telecom recommends:<ul><li>This issue has been fixed in version 4.7.0. For versions prior to 4.7.0, to reduce the attack surface, we advise the user to verify in the router configuration that: (1) The administration web page is accessible only through the LAN side over HTTPS, and (2) The administration web page is protected with authentication.</li></ul>\n\n<br>",
                  },
               ],
               value: "ETIC Telecom recommends updating the firmware of the affected devices to the following versions:\n\n\n  *  ETIC Telecom RAS:  version 4.7.0 or later https://www.etictelecom.com/en/softwares-download/ \n\n\n\n\nFor the installed devices, ETIC Telecom recommends:  *  This issue has been fixed in version 4.7.0. For versions prior to 4.7.0, to reduce the attack surface, we advise the user to verify in the router configuration that: (1) The administration web page is accessible only through the LAN side over HTTPS, and (2) The administration web page is protected with authentication.",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         title: "ETIC Telecom Remote Access Server Path Traversal",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2022-41607",
      datePublished: "2022-11-10T21:31:26.863838Z",
      dateReserved: "2022-09-29T00:00:00",
      dateUpdated: "2024-10-15T17:13:11.103Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2022-41607\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2022-11-10T22:15:15.323\",\"lastModified\":\"2024-11-21T07:23:28.887\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.\"},{\"lang\":\"es\",\"value\":\"Todas las versiones de ETIC Telecom Remote Access Server (RAS) 4.5.0 y la interfaz programable de aplicaciones (API) anterior son vulnerables a directory traversal a través de varios métodos diferentes. Esto podría permitir a un atacante leer archivos confidenciales del servidor, incluidas claves privadas SSH, contraseñas, scripts, objetos Python, archivos de bases de datos y más.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.5.0\",\"matchCriteriaId\":\"7AE4F7CD-BE37-40B5-9A53-39B42CD17EF5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DAE45DD-78EE-4ACB-A1E5-C190BE642BDF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93F02AE2-6AC3-492E-9E91-E9F0725A1EEB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C32ED13F-237B-441C-8032-F54615AEFC73\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86536932-B27A-4028-829D-2924CD431C54\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52E2D325-0AE3-4459-9F27-5CC19349F060\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB8D1AA9-42C0-4546-A02E-91B3D7A8AD4B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50EEA797-3218-44FE-8D93-178C40F4BF17\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E768A79E-BBFD-47C1-8535-1F721D92575C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1D86798-3C5F-40A9-BF41-0602F78A027B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D12CC48E-6DAC-4412-9068-04B774540500\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D7A25F4-412A-4D16-922F-1219B86E31A0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:etictelecom:ras-ew-400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32675A39-A1B3-4773-902A-6E6F8A72D16D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:etictelecom:rfm-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7543976-5400-4A9E-8E62-CB65FD00D0E1\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:49:43.447Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-41607\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-15T17:09:18.602933Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-15T17:10:53.169Z\"}}], \"cna\": {\"title\": \"ETIC Telecom Remote Access Server Path Traversal\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Haviv Vaizman, Hay Mizrachi, Alik Koldobsky, Ofir Manzur, and Nikolay Sokolik of OTORIO reported these vulnerabilities to CISA.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.2, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ETIC Telecom\", \"product\": \"Remote Access Server (RAS)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.5.0\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"ETIC Telecom recommends updating the firmware of the affected devices to the following versions:\\n\\n\\n  *  ETIC Telecom RAS:  version 4.7.0 or later https://www.etictelecom.com/en/softwares-download/ \\n\\n\\n\\n\\nFor the installed devices, ETIC Telecom recommends:  *  This issue has been fixed in version 4.7.0. For versions prior to 4.7.0, to reduce the attack surface, we advise the user to verify in the router configuration that: (1) The administration web page is accessible only through the LAN side over HTTPS, and (2) The administration web page is protected with authentication.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"<p>ETIC Telecom recommends updating the firmware of the affected devices to the following versions:<br></p><ul><li><p>ETIC Telecom RAS: <a target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.etictelecom.com/en/softwares-download/\\\">version 4.7.0 or later</a></p></li></ul>For the installed devices, ETIC Telecom recommends:<ul><li>This issue has been fixed in version 4.7.0. For versions prior to 4.7.0, to reduce the attack surface, we advise the user to verify in the router configuration that: (1) The administration web page is accessible only through the LAN side over HTTPS, and (2) The administration web page is protected with authentication.</li></ul>\\n\\n<br>\", \"base64\": false}]}], \"datePublic\": \"2022-11-03T06:00:00.000Z\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior\\u2019s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"<p>All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior\\u2019s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.</p>\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Path Traversal\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2023-08-23T16:09:58.159Z\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2022-41607\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-15T17:13:11.103Z\", \"dateReserved\": \"2022-09-29T00:00:00\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2022-11-10T21:31:26.863838Z\", \"assignerShortName\": \"icscert\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.