CVE-2022-41607 MEDIUM

CVE-2022-41607: ETIC Telecom Remote Access Server Path Traversal

Vendor Etic Telecom
Product Remote Access Server (RAS)
Weakness CWE-22 · Path traversal
Published November 10, 2022
Last update October 15, 2024

CVSS base score

6.2/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01 Description

The application programming interface (API) of ETIC Telecom Remote Access Server (RAS), in all versions 4.5.0 and prior, is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, Python objects, database files, and more.

Key dates

02 Disclosure timeline

November 10, 2022 CVE published
October 15, 2024 Record updated