The application programmable interface (API) in all versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, Python objects, database files, and more.
References
| Link | Resource |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01 | Patch, Third Party Advisory, US Government Resource |
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2022-11-03T00:00:00
Updated: 2023-08-23T16:09:58.159Z
Reserved: 2022-09-29T00:00:00
Link: CVE-2022-41607
NVD Information
Status: Analyzed
Published: 2022-11-10T22:15:15.323
Modified: 2023-12-28T19:15:31.467
Link: CVE-2022-41607
CWE