cvelist / Icscert / CVELIST:CVE-2022-3703
History: Nov 03, 2022 - 12:00 a.m.

CVE-2022-3703 ETIC Telecom Remote Access Server Insufficient Verification of Data Authenticity

2022-11-03 00:00:00
CWE-345
icscert
www.cve.org
cve-2022-3703
etic telecom
remote access server
insufficient verification
data authenticity
vulnerable
firmware packages
backdoor
privilege escalation

CVSS3: 7.6 High

Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score: 9.8 High (Confidence: High)

EPSS: 0.003 Low (Percentile: 65.8%)

The web portal of ETIC Telecom Remote Access Server (RAS), all versions 4.5.0 and prior, is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Remote Access Server (RAS)",
    "vendor": "ETIC Telecom",
    "versions": [
      {
        "lessThanOrEqual": "4.5.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
