Vulnerability Description
The web portal of ETIC Telecom Remote Access Server (RAS), in all versions 4.5.0 and prior, is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Etictelecom | Remote Access Server Firmware | <= 4.5.0 |
| Etictelecom | Ras-C-100-Lw | - |
| Etictelecom | Ras-E-100 | - |
| Etictelecom | Ras-E-220 | - |
| Etictelecom | Ras-E-400 | - |
| Etictelecom | Ras-Ec-220-Lw | - |
| Etictelecom | Ras-Ec-400-Lw | - |
| Etictelecom | Ras-Ec-480-Lw | - |
| Etictelecom | Ras-Ecw-220-Lw | - |
| Etictelecom | Ras-Ecw-400-Lw | - |
| Etictelecom | Ras-Ew-100 | - |
| Etictelecom | Ras-Ew-220 | - |
| Etictelecom | Ras-Ew-400 | - |
| Etictelecom | Rfm-E | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01 (Patch, Third Party Advisory, US Government Resource)
FAQ
What is CVE-2022-3703?
CVE-2022-3703 is a vulnerability with a CVSS score of 7.6 (HIGH). The web portal of ETIC Telecom Remote Access Server (RAS), in all versions 4.5.0 and prior, is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide pri...
How severe is CVE-2022-3703?
CVE-2022-3703 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-3703?
Check the references section above for vendor advisories and patch information. Affected products include: Etictelecom Remote Access Server Firmware, Etictelecom Ras-C-100-Lw, Etictelecom Ras-E-100, Etictelecom Ras-E-220, Etictelecom Ras-E-400.