CVE-2022-41607 - OpenCVE

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Etictelecom	Ras-ew-220 Remote Access Server Firmware Ras-ew-400 Ras-e-400 Ras-ec-400-lw Ras-ew-100 Ras-ec-480-lw Rfm-e Ras-e-220 Ras-ecw-220-lw Ras-ecw-400-lw Ras-ec-220-lw Ras-e-100 Ras-c-100-lw

Configuration 1 [-]

AND

cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:etictelecom:ras-c-100-lw:-:::::::*
	cpe:2.3:h:etictelecom:ras-e-100:-:::::::*
	cpe:2.3:h:etictelecom:ras-e-220:-:::::::*
	cpe:2.3:h:etictelecom:ras-e-400:-:::::::*
	cpe:2.3:h:etictelecom:ras-ec-220-lw:-:::::::*
	cpe:2.3:h:etictelecom:ras-ec-400-lw:-:::::::*
	cpe:2.3:h:etictelecom:ras-ec-480-lw:-:::::::*
	cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:::::::*
	cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:::::::*
	cpe:2.3:h:etictelecom:ras-ew-100:-:::::::*
	cpe:2.3:h:etictelecom:ras-ew-220:-:::::::*
	cpe:2.3:h:etictelecom:ras-ew-400:-:::::::*
	cpe:2.3:h:etictelecom:rfm-e:-:::::::*

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01	Patch Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2022-11-03T00:00:00

Updated: 2023-08-23T16:09:58.159Z

Reserved: 2022-09-29T00:00:00

Link: CVE-2022-41607

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-11-10T22:15:15.323

Modified: 2023-12-28T19:15:31.467

Link: CVE-2022-41607

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-41607", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "datePublished": "2022-11-03T00:00:00", "dateUpdated": "2023-08-23T16:09:58.159Z", "dateReserved": "2022-09-29T00:00:00"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Remote Access Server (RAS)", "vendor": "ETIC Telecom", "versions": [{"lessThanOrEqual": "4.5.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Haviv Vaizman, Hay Mizrachi, Alik Koldobsky, Ofir Manzur, and Nikolay Sokolik of OTORIO reported these vulnerabilities to CISA."}], "datePublic": "2022-11-03T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior\u2019s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.</p>"}], "value": "All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior\u2019s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Path Traversal", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-08-23T16:09:58.159Z"}, "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>ETIC Telecom recommends updating the firmware of the affected devices to the following versions:<br></p><ul><li><p>ETIC Telecom RAS: <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.etictelecom.com/en/softwares-download/\">version 4.7.0 or later</a></p></li></ul>For the installed devices, ETIC Telecom recommends:<ul><li>This issue has been fixed in version 4.7.0. For versions prior to 4.7.0, to reduce the attack surface, we advise the user to verify in the router configuration that: (1) The administration web page is accessible only through the LAN side over HTTPS, and (2) The administration web page is protected with authentication.</li></ul>\n\n<br>"}], "value": "\nETIC Telecom recommends updating the firmware of the affected devices to the following versions:\n\n\n * ETIC Telecom RAS: version 4.7.0 or later https://www.etictelecom.com/en/softwares-download/ \n\n\n\n\nFor the installed devices, ETIC Telecom recommends: * This issue has been fixed in version 4.7.0. For versions prior to 4.7.0, to reduce the attack surface, we advise the user to verify in the router configuration that: (1) The administration web page is accessible only through the LAN side over HTTPS, and (2) The administration web page is protected with authentication.\n\n\n\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "ETIC Telecom Remote Access Server Path Traversal", "x_generator": {"engine": "Vulnogram 0.0.9"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AE4F7CD-BE37-40B5-9A53-39B42CD17EF5", "versionEndIncluding": "4.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DAE45DD-78EE-4ACB-A1E5-C190BE642BDF", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*", "matchCriteriaId": "93F02AE2-6AC3-492E-9E91-E9F0725A1EEB", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*", "matchCriteriaId": "C32ED13F-237B-441C-8032-F54615AEFC73", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*", "matchCriteriaId": "86536932-B27A-4028-829D-2924CD431C54", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*", "matchCriteriaId": "52E2D325-0AE3-4459-9F27-5CC19349F060", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB8D1AA9-42C0-4546-A02E-91B3D7A8AD4B", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:*", "matchCriteriaId": "50EEA797-3218-44FE-8D93-178C40F4BF17", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:*", "matchCriteriaId": "E768A79E-BBFD-47C1-8535-1F721D92575C", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1D86798-3C5F-40A9-BF41-0602F78A027B", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:*", "matchCriteriaId": "D12CC48E-6DAC-4412-9068-04B774540500", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D7A25F4-412A-4D16-922F-1219B86E31A0", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:ras-ew-400:-:*:*:*:*:*:*:*", "matchCriteriaId": "32675A39-A1B3-4773-902A-6E6F8A72D16D", "vulnerable": false}, {"criteria": "cpe:2.3:h:etictelecom:rfm-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7543976-5400-4A9E-8E62-CB65FD00D0E1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior\u2019s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.\n\n"}, {"lang": "es", "value": "Todas las versiones de ETIC Telecom Remote Access Server (RAS) 4.5.0 y la interfaz programable de aplicaciones (API) anterior son vulnerables a directory traversal a trav\u00e9s de varios m\u00e9todos diferentes. Esto podr\u00eda permitir a un atacante leer archivos confidenciales del servidor, incluidas claves privadas SSH, contrase\u00f1as, scripts, objetos Python, archivos de bases de datos y m\u00e1s."}], "id": "CVE-2022-41607", "lastModified": "2023-12-28T19:15:31.467", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 4.0, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2022-11-10T22:15:15.323", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}