mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
184 lines
6.1 KiB
JSON
184 lines
6.1 KiB
JSON
{
|
|
"id": "CVE-2022-3703",
|
|
"sourceIdentifier": "ics-cert@hq.dhs.gov",
|
|
"published": "2022-11-10T22:15:14.647",
|
|
"lastModified": "2024-11-21T07:20:04.203",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior\u2019s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Todas las versiones de ETIC Telecom Remote Access Server (RAS) 4.5.0 y el portal web anterior son vulnerables a aceptar paquetes de firmware maliciosos que podr\u00edan proporcionar backdoor a un atacante y proporcionar una escalada de privilegios al dispositivo."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "ics-cert@hq.dhs.gov",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
|
|
"baseScore": 7.6,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "ADJACENT_NETWORK",
|
|
"attackComplexity": "HIGH",
|
|
"privilegesRequired": "HIGH",
|
|
"userInteraction": "NONE",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.0,
|
|
"impactScore": 6.0
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
|
|
"baseScore": 10.0,
|
|
"baseSeverity": "CRITICAL",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 6.0
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "ics-cert@hq.dhs.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-345"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "4.5.0",
|
|
"matchCriteriaId": "7AE4F7CD-BE37-40B5-9A53-39B42CD17EF5"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5DAE45DD-78EE-4ACB-A1E5-C190BE642BDF"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "93F02AE2-6AC3-492E-9E91-E9F0725A1EEB"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C32ED13F-237B-441C-8032-F54615AEFC73"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "86536932-B27A-4028-829D-2924CD431C54"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "52E2D325-0AE3-4459-9F27-5CC19349F060"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DB8D1AA9-42C0-4546-A02E-91B3D7A8AD4B"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "50EEA797-3218-44FE-8D93-178C40F4BF17"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E768A79E-BBFD-47C1-8535-1F721D92575C"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F1D86798-3C5F-40A9-BF41-0602F78A027B"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D12CC48E-6DAC-4412-9068-04B774540500"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7D7A25F4-412A-4D16-922F-1219B86E31A0"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:etictelecom:ras-ew-400:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "32675A39-A1B3-4773-902A-6E6F8A72D16D"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:etictelecom:rfm-e:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B7543976-5400-4A9E-8E62-CB65FD00D0E1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01",
|
|
"source": "ics-cert@hq.dhs.gov",
|
|
"tags": [
|
|
"Patch",
|
|
"Third Party Advisory",
|
|
"US Government Resource"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch",
|
|
"Third Party Advisory",
|
|
"US Government Resource"
|
|
]
|
|
}
|
|
]
|
|
} |