CVE-2023-3453

Summary

ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.

Affected Software

VendorProductVersion RangeStatus
ETIC TelecomRemote Access Server (RAS)0 <= 4.7.0affected

Weaknesses

  • CWE-1188: CWE-1188 Insecure Default Initialization of Resource

Workarounds

ETIC Telecom recommends enabling the authentication mechanism on the administration interface. This can be done on the page “> Setup > Security > Administration right” by creating an administrator on the “List of administrators” table, enabling the parameter “Password protect the configuration interface,” then setting the parameter “Protocols to use for configuration” to “HTTPs only”.

NOTE: for firmware versions 4.9.0 or later, enabling the administration protection is mandatory after the first product start.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References