← Back

CVE-2022-41607

nvd nist
Published: Nov 10, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.

Affected (1)

Etictelecom
1 product
Remote Access Server Firmware
Configuration A
1 vulnerable · 13 platform
Vulnerable SoftwareAffected Versions
Remote Access Server Firmware
Up to 4.5.0
Running on/withPlatform Versions
Etictelecom
Ras C 100 Lw
All versions
Etictelecom
Ras E 100
All versions
Etictelecom
Ras E 220
All versions
Etictelecom
Ras E 400
All versions
Etictelecom
Ras Ec 220 Lw
All versions
Etictelecom
Ras Ec 400 Lw
All versions
Etictelecom
Ras Ec 480 Lw
All versions
Etictelecom
Ras Ecw 220 Lw
All versions
Etictelecom
Ras Ecw 400 Lw
All versions
Etictelecom
Ras Ew 100
All versions
Etictelecom
Ras Ew 220
All versions
Etictelecom
Ras Ew 400
All versions
Etictelecom
Rfm E
All versions

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

Source: ics-cert@hq.dhs.gov
PatchThird Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party AdvisoryUS Government Resource

Timeline

No history available yet.