CVE-2023-3453
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Summary
ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ETIC Telecom | Remote Access Server (RAS) | 0 <= 4.7.0 | affected |
Weaknesses
- CWE-1188: CWE-1188 Insecure Default Initialization of Resource
Workarounds
ETIC Telecom recommends enabling the authentication mechanism on the administration interface. This can be done on the page “> Setup > Security > Administration right” by creating an administrator on the “List of administrators” table, enabling the parameter “Password protect the configuration interface,” then setting the parameter “Protocols to use for configuration” to “HTTPs only”.
NOTE: for firmware versions 4.9.0 or later, enabling the administration protection is mandatory after the first product start.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.