CVE-2023-3453

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-3453
ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.

7.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.7

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01 Patch Third Party Advisory US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01 Patch Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-400:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:rfm-e:-:*:*:*:*:*:*:*
History

21 Nov 2024, 08:17

Type Values Removed Values Added
References () https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01 - Patch, Third Party Advisory, US Government Resource () https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01 - Patch, Third Party Advisory, US Government Resource
CVSS v2 : unknown
v3 : 8.1 		v2 : unknown
v3 : 7.1
Summary
  • (es) La autenticación del portal de gestión en webETIC Telecom RAS versiones 4.7.0 y anteriores está deshabilitada por defecto. Esto podría permitir a un atacante con acceso a la red adyacente alterar la configuración del dispositivo o causar una condición de denegación de servicio.

28 Dec 2023, 19:26

Type Values Removed Values Added
CPE cpe:2.3:a:etictelecom:remote_access_server:*:*:*:*:*:*:*:* cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-400:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:rfm-e:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*
cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:*
First Time Etictelecom ras-e-100
Etictelecom ras-e-220
Etictelecom rfm-e
Etictelecom ras-ec-480-lw
Etictelecom ras-ecw-220-lw
Etictelecom remote Access Server Firmware
Etictelecom ras-ew-100
Etictelecom ras-ec-220-lw
Etictelecom ras-ecw-400-lw
Etictelecom ras-ec-400-lw
Etictelecom ras-ew-220
Etictelecom ras-c-100-lw
Etictelecom ras-ew-400
Etictelecom ras-e-400
Information

Published : 2023-08-23 22:15

Updated : 2024-11-21 08:17

NVD link : CVE-2023-3453

Mitre link : CVE-2023-3453

CVE.ORG link : CVE-2023-3453

JSON object : View

Products Affected

etictelecom

  • ras-ec-480-lw
  • ras-e-100
  • ras-e-400
  • ras-ec-400-lw
  • ras-ew-220
  • ras-ew-400
  • rfm-e
  • ras-ec-220-lw
  • ras-ecw-400-lw
  • ras-e-220
  • ras-ecw-220-lw
  • ras-c-100-lw
  • remote_access_server_firmware
  • ras-ew-100
CWE
CWE-1188

Initialization of a Resource with an Insecure Default