← back
CVE-2023-3453

ETIC Telecom Insecure Default Initialization of Resource

CVSS 7.1 HIGHEPSS 0.3%CWE-1188
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.1EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
23 Aug 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Affected products
ETIC Telecom · Remote Access Server (RAS)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01