CVE-2022-3703 - OpenCVE

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Etictelecom	Ras-ew-220 Remote Access Server Firmware Ras-ew-400 Ras-e-400 Ras-ec-400-lw Ras-ew-100 Ras-ec-480-lw Rfm-e Ras-e-220 Ras-ecw-220-lw Ras-ecw-400-lw Ras-ec-220-lw Ras-e-100 Ras-c-100-lw

Configuration 1 [-]

AND

cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:etictelecom:ras-c-100-lw:-:::::::*
	cpe:2.3:h:etictelecom:ras-e-100:-:::::::*
	cpe:2.3:h:etictelecom:ras-e-220:-:::::::*
	cpe:2.3:h:etictelecom:ras-e-400:-:::::::*
	cpe:2.3:h:etictelecom:ras-ec-220-lw:-:::::::*
	cpe:2.3:h:etictelecom:ras-ec-400-lw:-:::::::*
	cpe:2.3:h:etictelecom:ras-ec-480-lw:-:::::::*
	cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:::::::*
	cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:::::::*
	cpe:2.3:h:etictelecom:ras-ew-100:-:::::::*
	cpe:2.3:h:etictelecom:ras-ew-220:-:::::::*
	cpe:2.3:h:etictelecom:ras-ew-400:-:::::::*
	cpe:2.3:h:etictelecom:rfm-e:-:::::::*

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01	Patch Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2022-11-03T00:00:00

Updated: 2023-08-23T16:11:43.290Z

Reserved: 2022-10-26T00:00:00

Link: CVE-2022-3703

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-11-10T22:15:14.647

Modified: 2024-02-01T18:17:33.463

Link: CVE-2022-3703

JSON object: View

Redhat Information

No data.

CWE

CWE-345

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3703", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "datePublished": "2022-11-03T00:00:00", "dateUpdated": "2023-08-23T16:11:43.290Z", "dateReserved": "2022-10-26T00:00:00"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Remote Access Server (RAS)", "vendor": "ETIC Telecom", "versions": [{"lessThanOrEqual": "4.5.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Haviv Vaizman, Hay Mizrachi, Alik Koldobsky, Ofir Manzur, and Nikolay Sokolik of OTORIO reported these vulnerabilities to CISA"}], "datePublic": "2022-11-03T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior\u2019s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.</p>"}], "value": "All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior\u2019s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-08-23T16:11:43.290Z"}, "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>ETIC Telecom recommends updating the firmware of the affected devices to the following versions:<br></p><ul><li><p>ETIC Telecom RAS: <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.etictelecom.com/en/softwares-download/\">version 4.7.0 or later</a></p></li></ul><p>For the installed devices, ETIC Telecom recommends:</p><ul><li>For all firmware versions 4.7.0 and above, there is a code signature verification for firmware packages. For versions prior to 4.7.0, to reduce the attack surface, we advise the user to verify: (1) That the downloaded firmware comes from a trusted source (ETIC Telecom web site), and (2) The hash of the firmware files.</li></ul>\n\n<br>"}], "value": "\nETIC Telecom recommends updating the firmware of the affected devices to the following versions:\n\n\n * ETIC Telecom RAS: version 4.7.0 or later https://www.etictelecom.com/en/softwares-download/ \n\n\n\n\nFor the installed devices, ETIC Telecom recommends:\n\n * For all firmware versions 4.7.0 and above, there is a code signature verification for firmware packages. For versions prior to 4.7.0, to reduce the attack surface, we advise the user to verify: (1) That the downloaded firmware comes from a trusted source (ETIC Telecom web site), and (2) The hash of the firmware files.\n\n\n\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "ETIC Telecom Remote Access Server Insufficient Verification of Data Authenticity", "x_generator": {"engine": "Vulnogram 0.0.9"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AE4F7CD-BE37-40B5-9A53-39B42CD17EF5", "versionEndIncluding": "4.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DAE45DD-78EE-4ACB-A1E5-C190BE642BDF", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*", "matchCriteriaId": "93F02AE2-6AC3-492E-9E91-E9F0725A1EEB", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*", "matchCriteriaId": "C32ED13F-237B-441C-8032-F54615AEFC73", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*", "matchCriteriaId": "86536932-B27A-4028-829D-2924CD431C54", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*", "matchCriteriaId": "52E2D325-0AE3-4459-9F27-5CC19349F060", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB8D1AA9-42C0-4546-A02E-91B3D7A8AD4B", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:*", "matchCriteriaId": "50EEA797-3218-44FE-8D93-178C40F4BF17", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:*", "matchCriteriaId": "E768A79E-BBFD-47C1-8535-1F721D92575C", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1D86798-3C5F-40A9-BF41-0602F78A027B", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:*", "matchCriteriaId": "D12CC48E-6DAC-4412-9068-04B774540500", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D7A25F4-412A-4D16-922F-1219B86E31A0", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-ew-400:-:*:*:*:*:*:*:*", "matchCriteriaId": "32675A39-A1B3-4773-902A-6E6F8A72D16D", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:rfm-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7543976-5400-4A9E-8E62-CB65FD00D0E1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior\u2019s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.\n\n"}, {"lang": "es", "value": "Todas las versiones de ETIC Telecom Remote Access Server (RAS) 4.5.0 y el portal web anterior son vulnerables a aceptar paquetes de firmware maliciosos que podr\u00edan proporcionar backdoor a un atacante y proporcionar una escalada de privilegios al dispositivo."}], "id": "CVE-2022-3703", "lastModified": "2024-02-01T18:17:33.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 6.0, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2022-11-10T22:15:14.647", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}