CVE-2023-3453 HIGH

CVE-2023-3453: ETIC Telecom Insecure Default Initialization of Resource

Vendor Etic Telecom
Product Remote Access Server (RAS)
Weakness CWE-1188
Published August 23, 2023
Last update September 30, 2024

CVSS base score

7.1/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.

Key dates

02Disclosure timeline

August 23, 2023 CVE published
September 30, 2024 Record updated