CVE-2023-3453
Published 2023-08-23
Priority P3 · 41 · high · 8.1 (CVSS 3.1)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.29% (20.6th percentile)
In ETIC Telecom RAS versions 4.7.0 and prior, the web management portal has authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| etic_telecom | remote_access_server | <= 4.7.0 | — |
| etictelecom | remote_access_server_firmware | <= 4.7.0 | — |
GHSA
GHSA-w3f5-3hvg-x2vg: ETIC Telecom RAS versions 4
ghsa_unreviewed · 2023-08-24
CVE-2023-3453 [HIGH] CWE-1188
CISA ICS
ETIC Telecom RAS Authentication
cisa_ics·2023-07-27·CVSS 7.1
[HIGH] ETIC Telecom RAS Authentication
ICS Advisory
## ETIC Telecom RAS Authentication
Release Date: July 27, 2023
Alert Code: ICSA-23-208-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.1
- ATTENTION: Exploitable with adjacent access/low attack complexity
- Vendor: ETIC Telecom
- Equipment: Remote Access Server (RAS)
- Vulnerability: Insecure Default Initialization of Resource
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to reconfigure the device or cause a denial-of-service condition.
## 3. TECHNICAL DETAILS
### 3.1 AFFECTED PRODUCTS
The following versions of ETIC Telecom RAS are affected:
- ETIC Telecom RAS: All versions 4.7.0 and prior
### 3.2 VULNERABILITY OVERVIEW
#### 3.2.1 INSECURE DEFAULT INITIALIZATION OF RESOURCE CWE-1188
ETIC Telecom RAS versions 4.7
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.