CVE-2023-3453: ETIC Telecom Insecure Default Initialization of Resource
First published: Wed Aug 23 2023(Updated: )
ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ETIC Telecom RAS | ||
| Etictelecom Remote Access Server Firmware | <=4.7.0 | |
| All of | ||
| Etictelecom Remote Access Server Firmware | <=4.7.0 | |
| Any of | ||
| Etictelecom Ras-c-100-lw | ||
| Etictelecom Ras-ew-100 | ||
| Etictelecom Ras-e-220 | ||
| Etictelecom Ras-e-400 | ||
| Etictelecom Ras-ec-220-lw | ||
| Etictelecom Ras-ecw-400-lw | ||
| Etictelecom Ras-ec-480-lw | ||
| Etictelecom Ras-ecw-220-lw | ||
| Etictelecom Ras-ecw-400-lw | ||
| Etictelecom Ras-e-100 | ||
| Etictelecom Ras | ||
| Etictelecom Ras | ||
| Etictelecom Rfm-e |
Remedy
Update to ETIC Telecom RAS: version 4.9.0 or later https://www.etictelecom.com/en/softwares-download/
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-3453?
CVE-2023-3453 is considered a high severity vulnerability due to authentication being disabled by default, allowing potential unauthorized access.
How do I fix CVE-2023-3453?
To fix CVE-2023-3453, enable authentication for the web management portal and ensure proper configuration security settings are implemented.
What software versions are affected by CVE-2023-3453?
CVE-2023-3453 affects ETIC Telecom RAS versions 4.7.0 and prior.
What can an attacker do by exploiting CVE-2023-3453?
An attacker exploiting CVE-2023-3453 can alter device configurations or cause a denial-of-service condition.
Is there a workaround for CVE-2023-3453 if an update is not possible?
A temporary workaround for CVE-2023-3453 is to restrict network access to the device's management portal to trusted devices only.
- agent/type
- agent/weakness
- agent/references
- agent/description
- agent/remedy
- agent/title
- agent/severity
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/author
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- vendor/etic telecom
- canonical/etic telecom ras
- vendor/etictelecom
- canonical/etictelecom remote access server firmware
- version/etictelecom remote access server firmware/4.7.0
- canonical/etictelecom ras-c-100-lw
- canonical/etictelecom ras-ew-100
- canonical/etictelecom ras-e-220
- canonical/etictelecom ras-e-400
- canonical/etictelecom ras-ec-220-lw
- canonical/etictelecom ras-ecw-400-lw
- canonical/etictelecom ras-ec-480-lw
- canonical/etictelecom ras-ecw-220-lw
- canonical/etictelecom ras-e-100
- canonical/etictelecom ras
- canonical/etictelecom rfm-e