CVE-2022-41607

{"id": "CVE-2022-41607", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.7}]}, "published": "2022-11-10T22:15:15.323", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior\u2019s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more."}, {"lang": "es", "value": "Todas las versiones de ETIC Telecom Remote Access Server (RAS) 4.5.0 y la interfaz programable de aplicaciones (API) anterior son vulnerables a directory traversal a trav\u00e9s de varios m\u00e9todos diferentes. Esto podr\u00eda permitir a un atacante leer archivos confidenciales del servidor, incluidas claves privadas SSH, contrase\u00f1as, scripts, objetos Python, archivos de bases de datos y m\u00e1s."}], "lastModified": "2024-09-16T20:15:44.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AE4F7CD-BE37-40B5-9A53-39B42CD17EF5", "versionEndIncluding": "4.5.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5DAE45DD-78EE-4ACB-A1E5-C190BE642BDF"}, {"criteria": "cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "93F02AE2-6AC3-492E-9E91-E9F0725A1EEB"}, {"criteria": "cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C32ED13F-237B-441C-8032-F54615AEFC73"}, {"criteria": "cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "86536932-B27A-4028-829D-2924CD431C54"}, {"criteria": "cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "52E2D325-0AE3-4459-9F27-5CC19349F060"}, {"criteria": "cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DB8D1AA9-42C0-4546-A02E-91B3D7A8AD4B"}, {"criteria": "cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "50EEA797-3218-44FE-8D93-178C40F4BF17"}, {"criteria": "cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E768A79E-BBFD-47C1-8535-1F721D92575C"}, {"criteria": "cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F1D86798-3C5F-40A9-BF41-0602F78A027B"}, {"criteria": "cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D12CC48E-6DAC-4412-9068-04B774540500"}, {"criteria": "cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7D7A25F4-412A-4D16-922F-1219B86E31A0"}, {"criteria": "cpe:2.3:h:etictelecom:ras-ew-400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "32675A39-A1B3-4773-902A-6E6F8A72D16D"}, {"criteria": "cpe:2.3:h:etictelecom:rfm-e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B7543976-5400-4A9E-8E62-CB65FD00D0E1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}