CVE-2022-40981

MEDIUM 5.9

ETIC Telecom Remote Access Server Unrestricted Upload of File with Dangerous Type

CVSS Score

5.9

EPSS Score

0.0%

EPSS Percentile

0th

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device.

CWE	CWE-434
Vendor	etic telecom
Product	remote access server (ras)
Published	Nov 10, 2022
Last Updated	Sep 16, 2024

Stay Ahead of the Next One

Get instant alerts for etic telecom remote access server (ras)

Be the first to know when new medium vulnerabilities affecting etic telecom remote access server (ras) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Affected Versions

ETIC Telecom / Remote Access Server (RAS)

0 ≤ 4.5.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cisa.gov: https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01

Credits

Haviv Vaizman, Hay Mizrachi, Alik Koldobsky, Ofir Manzur, and Nikolay Sokolik of OTORIO reported these vulnerabilities to CISA.