CVE-2022-41607

MEDIUM 6.2

ETIC Telecom Remote Access Server Path Traversal

CVSS Score

6.2

EPSS Score

0.0%

EPSS Percentile

0th

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.

CWE	CWE-22
Vendor	etic telecom
Product	remote access server (ras)
Published	Nov 10, 2022
Last Updated	Oct 15, 2024

Stay Ahead of the Next One

Get instant alerts for etic telecom remote access server (ras)

Be the first to know when new medium vulnerabilities affecting etic telecom remote access server (ras) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

ETIC Telecom / Remote Access Server (RAS)

0 ≤ 4.5.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cisa.gov: https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01

Credits

Haviv Vaizman, Hay Mizrachi, Alik Koldobsky, Ofir Manzur, and Nikolay Sokolik of OTORIO reported these vulnerabilities to CISA.