CVE-2022-3703

Published: Nov 10, 2022Modified: Nov 21, 2024

10.0

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 6.0

Source: NVD

Description

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.

Affected (1)

Products: Etictelecom: Remote Access Server Firmware

Etictelecom

1 product

Remote Access Server Firmware

Configuration A

1 vulnerable · 13 platform

Vulnerable Software	Affected Versions
Etictelecom Remote Access Server Firmware	Up to 4.5.0

Running on/with	Platform Versions
Etictelecom Ras C 100 Lw	All versions
Etictelecom Ras E 100	All versions
Etictelecom Ras E 220	All versions
Etictelecom Ras E 400	All versions
Etictelecom Ras Ec 220 Lw	All versions
Etictelecom Ras Ec 400 Lw	All versions
Etictelecom Ras Ec 480 Lw	All versions
Etictelecom Ras Ecw 220 Lw	All versions
Etictelecom Ras Ecw 400 Lw	All versions
Etictelecom Ras Ew 100	All versions
Etictelecom Ras Ew 220	All versions
Etictelecom Ras Ew 400	All versions
Etictelecom Rfm E	All versions

Related CWEs

CWE-345

Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References (2)

https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01

Source: ics-cert@hq.dhs.gov

PatchThird Party AdvisoryUS Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryUS Government Resource

Timeline

No history available yet.