8.1
CVE-2023-3453
- EPSS 0.03%
- Veröffentlicht 23.08.2023 22:15:08
- Zuletzt bearbeitet 21.11.2024 08:17:18
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Etictelecom ≫ Remote Access Server Firmware Version <= 4.7.0
Etictelecom ≫ Ras-c-100-lw Version-
Etictelecom ≫ Ras-e-100 Version-
Etictelecom ≫ Ras-e-220 Version-
Etictelecom ≫ Ras-e-400 Version-
Etictelecom ≫ Ras-ec-220-lw Version-
Etictelecom ≫ Ras-ec-400-lw Version-
Etictelecom ≫ Ras-ec-480-lw Version-
Etictelecom ≫ Ras-ecw-220-lw Version-
Etictelecom ≫ Ras-ecw-400-lw Version-
Etictelecom ≫ Ras-ew-100 Version-
Etictelecom ≫ Ras-ew-220 Version-
Etictelecom ≫ Ras-ew-400 Version-
Etictelecom ≫ Rfm-e Version-
Etictelecom ≫ Ras-e-100 Version-
Etictelecom ≫ Ras-e-220 Version-
Etictelecom ≫ Ras-e-400 Version-
Etictelecom ≫ Ras-ec-220-lw Version-
Etictelecom ≫ Ras-ec-400-lw Version-
Etictelecom ≫ Ras-ec-480-lw Version-
Etictelecom ≫ Ras-ecw-220-lw Version-
Etictelecom ≫ Ras-ecw-400-lw Version-
Etictelecom ≫ Ras-ew-100 Version-
Etictelecom ≫ Ras-ew-220 Version-
Etictelecom ≫ Ras-ew-400 Version-
Etictelecom ≫ Rfm-e Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.087 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|
| ics-cert@hq.dhs.gov | 7.1 | 2.8 | 3.7 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
CWE-1188 Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.