Lucene search

[email protected]NVD:CVE-2022-40981

HistoryNov 10, 2022 - 10:15 p.m.

CVE-2022-40981

2022-11-1022:15:15

CWE-434

[email protected]

web.nvd.nist.gov

etic telecom

ras

vulnerability

malicious file upload

server compromise

administrator privileges

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

65.8%

JSON

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device.

Affected configurations

NVD

Node

etictelecomras-c-100-lwMatch-

etictelecomras-e-100Match-

etictelecomras-e-220Match-

etictelecomras-e-400Match-

etictelecomras-ec-220-lwMatch-

etictelecomras-ec-400-lwMatch-

etictelecomras-ec-480-lwMatch-

etictelecomras-ecw-220-lwMatch-

etictelecomras-ecw-400-lwMatch-

etictelecomras-ew-100Match-

etictelecomras-ew-220Match-

etictelecomras-ew-400Match-

etictelecomrfm-eMatch-

AND

etictelecomremote_access_server_firmwareRange≤4.5.0

References

www.cisa.gov/uscert/ics/advisories/icsa-22-307-01

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

65.8%

JSON

Related for NVD:CVE-2022-40981

prion1 cvelist1 cve1 ics1 thn2