CVE-2022-3703

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-3703
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.

7.6 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 6.0

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01 Patch Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01 Patch Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-400:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:rfm-e:-:*:*:*:*:*:*:*
History

21 Nov 2024, 07:20

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 10.0 		v2 : unknown
v3 : 7.6
References () https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01 - Patch, Third Party Advisory, US Government Resource () https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01 - Patch, Third Party Advisory, US Government Resource

16 Sep 2024, 23:15

Type Values Removed Values Added
Summary (en) All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device. (en) All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.

01 Feb 2024, 18:17

Type Values Removed Values Added
First Time Etictelecom ras-ew-400
Etictelecom ras-ecw-400-lw
Etictelecom ras-ew-100
Etictelecom rfm-e
Etictelecom ras-ec-480-lw
Etictelecom ras-e-400
Etictelecom ras-e-220
Etictelecom ras-ew-220
Etictelecom remote Access Server Firmware
Etictelecom ras-e-100
Etictelecom ras-c-100-lw
Etictelecom ras-ec-400-lw
Etictelecom ras-ec-220-lw
Etictelecom ras-ecw-220-lw
CPE cpe:2.3:a:etictelecom:remote_access_server:*:*:*:*:*:*:*:* cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-400:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:rfm-e:-:*:*:*:*:*:*:*

23 Aug 2023, 16:15

Type Values Removed Values Added
Summary All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device. All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.
Information

Published : 2022-11-10 22:15

Updated : 2024-11-21 07:20

NVD link : CVE-2022-3703

Mitre link : CVE-2022-3703

CVE.ORG link : CVE-2022-3703

JSON object : View

Products Affected

etictelecom

  • ras-ec-400-lw
  • remote_access_server_firmware
  • rfm-e
  • ras-c-100-lw
  • ras-ew-220
  • ras-ec-480-lw
  • ras-e-400
  • ras-ecw-220-lw
  • ras-ew-400
  • ras-e-220
  • ras-ecw-400-lw
  • ras-e-100
  • ras-ew-100
  • ras-ec-220-lw
CWE
CWE-345

Insufficient Verification of Data Authenticity