Lucene search
HistoryNov 10, 2022 - 10:15 p.m.
CVE-2022-3703
etic
telecom
remote access server
vulnerability
malicious firmware
backdoor
privilege escalation
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
65.8%
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.
Affected configurations
Node
etictelecomras-c-100-lwMatch-
ORetictelecomras-e-100Match-
ORetictelecomras-e-220Match-
ORetictelecomras-e-400Match-
ORetictelecomras-ec-220-lwMatch-
ORetictelecomras-ec-400-lwMatch-
ORetictelecomras-ec-480-lwMatch-
ORetictelecomras-ecw-220-lwMatch-
ORetictelecomras-ecw-400-lwMatch-
ORetictelecomras-ew-100Match-
ORetictelecomras-ew-220Match-
ORetictelecomras-ew-400Match-
ORetictelecomrfm-eMatch-
etictelecomremote_access_server_firmwareRange≤4.5.0
Related
cvelist
cvelist
cve
cve
CVE-2022-3703
2022-11-10 22:15:14
prion
prion
Privilege escalation
2022-11-10 22:15:00
ics
ics
ETIC Telecom Remote Access Server (RAS) (Update A)
2023-07-27 12:00:00
thn
thn
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
65.8%
Related for NVD:CVE-2022-3703