10

CVE-2022-3703

ETIC Telecom Remote Access Server Insufficient Verification of Data Authenticity

The web portal of ETIC Telecom Remote Access Server (RAS), in all versions 4.5.0 and prior, is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.
Data provided by the National Vulnerability Database (NVD)
Etictelecom Remote Access Server Firmware, Version <= 4.5.0
   Etictelecom Ras-c-100-lw, Version -
   Etictelecom Ras-e-100, Version -
   Etictelecom Ras-e-220, Version -
   Etictelecom Ras-e-400, Version -
   Etictelecom Ras-ec-220-lw, Version -
   Etictelecom Ras-ec-400-lw, Version -
   Etictelecom Ras-ec-480-lw, Version -
   Etictelecom Ras-ecw-220-lw, Version -
   Etictelecom Ras-ecw-400-lw, Version -
   Etictelecom Ras-ew-100, Version -
   Etictelecom Ras-ew-220, Version -
   Etictelecom Ras-ew-400, Version -
   Etictelecom Rfm-e, Version -
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.29% | 0.204
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 10 | 3.9 | 6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
ics-cert@hq.dhs.gov | 7.6 | 1 | 6 | CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01 (Patch, Third Party Advisory, US Government Resource)