CVE-2023-3453

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-3453
ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.

8.1 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01 Patch Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-400:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:rfm-e:-:*:*:*:*:*:*:*
History

28 Dec 2023, 19:26

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.1
CPE cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:rfm-e:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*
cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*
cpe:2.3:h:etictelecom:ras-ew-400:-:*:*:*:*:*:*:*
First Time Etictelecom ras-ec-400-lw
Etictelecom ras-ew-400
Etictelecom remote Access Server Firmware
Etictelecom ras-e-100
Etictelecom ras-ecw-400-lw
Etictelecom ras-ew-220
Etictelecom ras-ew-100
Etictelecom ras-e-220
Etictelecom rfm-e
Etictelecom ras-e-400
Etictelecom ras-ec-480-lw
Etictelecom ras-ec-220-lw
Etictelecom ras-c-100-lw
Etictelecom ras-ecw-220-lw
Etictelecom
References (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01 - (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01 - Patch, Third Party Advisory, US Government Resource

23 Aug 2023, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-08-23 22:15

Updated : 2023-12-28 19:26

NVD link : CVE-2023-3453

Mitre link : CVE-2023-3453

JSON object : View

Products Affected

etictelecom

  • rfm-e
  • ras-e-100
  • ras-ec-480-lw
  • ras-ecw-220-lw
  • ras-ew-400
  • ras-e-220
  • remote_access_server_firmware
  • ras-c-100-lw
  • ras-ew-220
  • ras-ec-400-lw
  • ras-e-400
  • ras-ecw-400-lw
  • ras-ec-220-lw
  • ras-ew-100
CWE
CWE-1188

Insecure Default Initialization of Resource