CVE-2022-41607

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01	Patch Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:etictelecom:ras-c-100-lw:-:::::::*
	cpe:2.3:h:etictelecom:ras-e-100:-:::::::*
	cpe:2.3:h:etictelecom:ras-e-220:-:::::::*
	cpe:2.3:h:etictelecom:ras-e-400:-:::::::*
	cpe:2.3:h:etictelecom:ras-ec-220-lw:-:::::::*
	cpe:2.3:h:etictelecom:ras-ec-400-lw:-:::::::*
	cpe:2.3:h:etictelecom:ras-ec-480-lw:-:::::::*
	cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:::::::*
	cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:::::::*
	cpe:2.3:h:etictelecom:ras-ew-100:-:::::::*
	cpe:2.3:h:etictelecom:ras-ew-220:-:::::::*
	cpe:2.3:h:etictelecom:ras-ew-400:-:::::::*
	cpe:2.3:h:etictelecom:rfm-e:-:::::::*

History

No history.

Information

Published : 2022-11-10 22:15

Updated : 2023-12-28 19:15

NVD link : CVE-2022-41607

Mitre link : CVE-2022-41607

CVE.ORG link : CVE-2022-41607

JSON object : View

Products Affected

etictelecom

ras-ew-400
ras-ew-100
ras-e-400
ras-ec-400-lw
ras-ecw-220-lw
ras-e-220
ras-e-100
remote_access_server_firmware
ras-c-100-lw
ras-ec-220-lw
ras-ew-220
ras-ec-480-lw
rfm-e
ras-ecw-400-lw

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2022-41607", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.7}]}, "published": "2022-11-10T22:15:15.323", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior\u2019s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.\n\n"}, {"lang": "es", "value": "Todas las versiones de ETIC Telecom Remote Access Server (RAS) 4.5.0 y la interfaz programable de aplicaciones (API) anterior son vulnerables a directory traversal a trav\u00e9s de varios m\u00e9todos diferentes. Esto podr\u00eda permitir a un atacante leer archivos confidenciales del servidor, incluidas claves privadas SSH, contrase\u00f1as, scripts, objetos Python, archivos de bases de datos y m\u00e1s."}], "lastModified": "2023-12-28T19:15:31.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AE4F7CD-BE37-40B5-9A53-39B42CD17EF5", "versionEndIncluding": "4.5.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5DAE45DD-78EE-4ACB-A1E5-C190BE642BDF"}, {"criteria": "cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "93F02AE2-6AC3-492E-9E91-E9F0725A1EEB"}, {"criteria": "cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C32ED13F-237B-441C-8032-F54615AEFC73"}, {"criteria": "cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "86536932-B27A-4028-829D-2924CD431C54"}, {"criteria": "cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "52E2D325-0AE3-4459-9F27-5CC19349F060"}, {"criteria": "cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DB8D1AA9-42C0-4546-A02E-91B3D7A8AD4B"}, {"criteria": "cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "50EEA797-3218-44FE-8D93-178C40F4BF17"}, {"criteria": "cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E768A79E-BBFD-47C1-8535-1F721D92575C"}, {"criteria": "cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F1D86798-3C5F-40A9-BF41-0602F78A027B"}, {"criteria": "cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D12CC48E-6DAC-4412-9068-04B774540500"}, {"criteria": "cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7D7A25F4-412A-4D16-922F-1219B86E31A0"}, {"criteria": "cpe:2.3:h:etictelecom:ras-ew-400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "32675A39-A1B3-4773-902A-6E6F8A72D16D"}, {"criteria": "cpe:2.3:h:etictelecom:rfm-e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B7543976-5400-4A9E-8E62-CB65FD00D0E1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}