CVE-2023-3453

Published: Aug 23, 2023Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.

Affected (1)

Products: Etictelecom: Remote Access Server Firmware

Etictelecom

1 product

Remote Access Server Firmware

Configuration A

1 vulnerable · 13 platform

Vulnerable Software	Affected Versions
Etictelecom Remote Access Server Firmware	Up to 4.7.0

Running on/with	Platform Versions
Etictelecom Ras C 100 Lw	All versions
Etictelecom Ras E 100	All versions
Etictelecom Ras E 220	All versions
Etictelecom Ras E 400	All versions
Etictelecom Ras Ec 220 Lw	All versions
Etictelecom Ras Ec 400 Lw	All versions
Etictelecom Ras Ec 480 Lw	All versions
Etictelecom Ras Ecw 220 Lw	All versions
Etictelecom Ras Ecw 400 Lw	All versions
Etictelecom Ras Ew 100	All versions
Etictelecom Ras Ew 220	All versions
Etictelecom Ras Ew 400	All versions
Etictelecom Rfm E	All versions

Related CWEs

CWE-1188

Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01

Source: ics-cert@hq.dhs.gov

PatchThird Party AdvisoryUS Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryUS Government Resource

Timeline

No history available yet.