{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-41607", "ASSIGNER": "ics-cert@hq.dhs.gov", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior\u2019s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.\n\n" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-22 Path Traversal", "cweId": "CWE-22" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "ETIC Telecom", "product": { "product_data": [ { "product_name": "Remote Access Server (RAS)", "version": { "version_data": [ { "version_affected": "<=", "version_name": "0", "version_value": "4.5.0" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01", "refsource": "MISC", "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "source": { "discovery": "EXTERNAL" }, "solution": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n

ETIC Telecom recommends updating the firmware of the affected devices to the following versions:

For the installed devices, ETIC Telecom recommends:\n\n
" } ], "value": "\nETIC Telecom recommends updating the firmware of the affected devices to the following versions:\n\n\n * ETIC Telecom RAS: version 4.7.0 or later https://www.etictelecom.com/en/softwares-download/ \n\n\n\n\nFor the installed devices, ETIC Telecom recommends: * This issue has been fixed in version 4.7.0. For versions prior to 4.7.0, to reduce the attack surface, we advise the user to verify in the router configuration that: (1) The administration web page is accessible only through the LAN side over HTTPS, and (2) The administration web page is protected with authentication.\n\n\n\n\n\n" } ], "credits": [ { "lang": "en", "value": "Haviv Vaizman, Hay Mizrachi, Alik Koldobsky, Ofir Manzur, and Nikolay Sokolik of OTORIO reported these vulnerabilities to CISA." } ], "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" } ] } }