CVE-2022-40981

Published: Nov 10, 2022Modified: Nov 21, 2024

10.0

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 6.0

Source: NVD

Description

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device.

Affected (1)

Products: Etictelecom: Remote Access Server Firmware

Etictelecom

1 product

Remote Access Server Firmware

Configuration A

1 vulnerable · 13 platform

Vulnerable Software	Affected Versions
Etictelecom Remote Access Server Firmware	Up to 4.5.0

Running on/with	Platform Versions
Etictelecom Ras C 100 Lw	All versions
Etictelecom Ras E 100	All versions
Etictelecom Ras E 220	All versions
Etictelecom Ras E 400	All versions
Etictelecom Ras Ec 220 Lw	All versions
Etictelecom Ras Ec 400 Lw	All versions
Etictelecom Ras Ec 480 Lw	All versions
Etictelecom Ras Ecw 220 Lw	All versions
Etictelecom Ras Ecw 400 Lw	All versions
Etictelecom Ras Ew 100	All versions
Etictelecom Ras Ew 220	All versions
Etictelecom Ras Ew 400	All versions
Etictelecom Rfm E	All versions

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01

Source: ics-cert@hq.dhs.gov

PatchThird Party AdvisoryUS Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryUS Government Resource

Timeline

No history available yet.