cvelist / Icscert / CVELIST:CVE-2022-41607
History: Nov 03, 2022 - 12:00 a.m.

CVE-2022-41607 ETIC Telecom Remote Access Server Path Traversal

2022-11-03 00:00:00
CWE-22
icscert
www.cve.org

Tags: etic telecom, ras, path traversal, vulnerability, api, directory traversal, sensitive files, ssh, private keys, passwords, scripts, python objects, database files

CVSS3: 6.2 Medium

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

EPSS: 0.001 Low
Percentile: 51.0%

The application programmable interface (API) of all versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, Python objects, database files, and more.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Remote Access Server (RAS)",
    "vendor": "ETIC Telecom",
    "versions": [
      {
        "lessThanOrEqual": "4.5.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
