Lucene search

IcscertCVELIST:CVE-2023-3453

HistoryAug 23, 2023 - 9:14 p.m.

CVE-2023-3453 ETIC Telecom Insecure Default Initialization of Resource

2023-08-2321:14:17

CWE-1188

icscert

www.cve.org

cve-2023-3453

etic telecom

default initialization

resource

adjacent network access

configuration alteration

denial-of-service

7.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

8.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Remote Access Server (RAS)",
    "vendor": "ETIC Telecom",
    "versions": [
      {
        "lessThanOrEqual": "4.7.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-208-01

7.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

8.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Related for CVELIST:CVE-2023-3453