The application programmable interface (API) of ETIC Telecom Remote Access Server (RAS), all versions 4.5.0 and prior, is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, Python objects, database files, and more.
References
Link | Providers |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01 |
History
Mon, 16 Sep 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more. | All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more. |
MITRE
Status: PUBLISHED
Assigner: icscert
Published: 2022-11-10T21:31:26.863838Z
Updated: 2024-09-16T19:55:47.025Z
Reserved: 2022-09-29T00:00:00
Link: CVE-2022-41607
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-11-10T22:15:15.323
Modified: 2024-09-16T20:15:44.497
Link: CVE-2022-41607
Redhat
No data.