Vulnerability Description
ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Etictelecom | Remote Access Server Firmware | <= 4.7.0 |
| Etictelecom | Ras-C-100-Lw | - |
| Etictelecom | Ras-E-100 | - |
| Etictelecom | Ras-E-220 | - |
| Etictelecom | Ras-E-400 | - |
| Etictelecom | Ras-Ec-220-Lw | - |
| Etictelecom | Ras-Ec-400-Lw | - |
| Etictelecom | Ras-Ec-480-Lw | - |
| Etictelecom | Ras-Ecw-220-Lw | - |
| Etictelecom | Ras-Ecw-400-Lw | - |
| Etictelecom | Ras-Ew-100 | - |
| Etictelecom | Ras-Ew-220 | - |
| Etictelecom | Ras-Ew-400 | - |
| Etictelecom | Rfm-E | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01PatchThird Party AdvisoryUS Government Resource
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01PatchThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2023-3453?
CVE-2023-3453 is a vulnerability with a CVSS score of 7.1 (HIGH). ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the dev...
How severe is CVE-2023-3453?
CVE-2023-3453 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-3453?
Check the references section above for vendor advisories and patch information. Affected products include: Etictelecom Remote Access Server Firmware, Etictelecom Ras-C-100-Lw, Etictelecom Ras-E-100, Etictelecom Ras-E-220, Etictelecom Ras-E-400.