Lucene search

[email protected]NVD:CVE-2023-3453

HistoryAug 23, 2023 - 10:15 p.m.

CVE-2023-3453

2023-08-2322:15:08

CWE-1188

[email protected]

web.nvd.nist.gov

etic telecom ras

web management

authentication

vulnerability

adjacent network access

configuration

denial-of-service

8.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.

Affected configurations

NVD

Node

etictelecomras-c-100-lwMatch-

etictelecomras-e-100Match-

etictelecomras-e-220Match-

etictelecomras-e-400Match-

etictelecomras-ec-220-lwMatch-

etictelecomras-ec-400-lwMatch-

etictelecomras-ec-480-lwMatch-

etictelecomras-ecw-220-lwMatch-

etictelecomras-ecw-400-lwMatch-

etictelecomras-ew-100Match-

etictelecomras-ew-220Match-

etictelecomras-ew-400Match-

etictelecomrfm-eMatch-

AND

etictelecomremote_access_server_firmwareRange≤4.7.0

References

www.cisa.gov/news-events/ics-advisories/icsa-23-208-01

8.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Related for NVD:CVE-2023-3453

ics1 cvelist1 cve1 prion1