CVE-2023-3453

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-3453
ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01 Patch Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-400:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:rfm-e:-:*:*:*:*:*:*:*
History

28 Dec 2023, 19:26

Type Values Removed Values Added
First Time Etictelecom ras-ecw-220-lw
Etictelecom ras-e-220
Etictelecom remote Access Server Firmware
Etictelecom ras-ec-480-lw
Etictelecom ras-ec-220-lw
Etictelecom ras-ew-220
Etictelecom ras-ew-400
Etictelecom ras-c-100-lw
Etictelecom ras-ecw-400-lw
Etictelecom ras-ec-400-lw
Etictelecom ras-ew-100
Etictelecom ras-e-100
Etictelecom rfm-e
Etictelecom ras-e-400
CPE cpe:2.3:a:etictelecom:remote_access_server:*:*:*:*:*:*:*:* cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-400:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:rfm-e:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*
cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*

01 Sep 2023, 18:11

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.1
CPE cpe:2.3:a:etictelecom:remote_access_server:*:*:*:*:*:*:*:*
References (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01 - (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01 - Patch, Third Party Advisory, US Government Resource
First Time Etictelecom
Etictelecom remote Access Server

23 Aug 2023, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-08-23 22:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-3453

Mitre link : CVE-2023-3453

CVE.ORG link : CVE-2023-3453

JSON object : View

Products Affected

etictelecom

  • ras-ecw-220-lw
  • ras-e-220
  • ras-ec-220-lw
  • ras-ec-480-lw
  • ras-e-400
  • ras-e-100
  • ras-ec-400-lw
  • remote_access_server_firmware
  • ras-ew-100
  • ras-ew-220
  • ras-ecw-400-lw
  • ras-c-100-lw
  • rfm-e
  • ras-ew-400
CWE
CWE-1188

Insecure Default Initialization of Resource


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024