ETIC Telecom Remote Access Server (RAS) 4.5.1 to 4.7.0, 5.0.0 to 5.1.0, and 5.5.0 and later is not affected by this issue. ETIC Telecom Remote Access Server (RAS) 4.5.0 and 4.5.1 is vulnerable to cross-site request forgery. An attacker could exploit this to access the affected device or computer as administrator level user. ETIC Telecom Remote Access Server (RAS) 4.5.0 and 4.5.1 is vulnerable to directory traversal. An attacker could exploit this to upload malicious files to the affected device or computer and gain access to the affected device or computer as administrator level user. ETIC Telecom Remote Access Server (RAS) 4.5.0 and 4.5.1 is vulnerable to remote code execution. An attacker could exploit this to gain full access to the affected device or computer as administrator level user. ETIC Telecom Remote Access Server (RAS) 4.5.0 and 4.5.1 is vulnerable to injection. An attacker could exploit this to redirect network traffic to attacker-controlled locations, steal sensitive data, or perform other malicious activities on the affected device or computer. ETIC Telecom Remote Access Server (RAS) 4.5.0 and 4.5.1 is vulnerable to cross-site request forgery. An attacker could exploit this to access the affected device
How to verify if your installed version is vulnerable?
To verify if your installed version is vulnerable, navigate to the /var/log/syslog and search for the following string:
CVE-2022-40981
If this string appears in syslog, then you are vulnerable to cross-site request forgery.
Solution and Mitigation CVE-2022-40981
On November 3, 2016, ETIC Telecom released Remote Access Server (RAS) 4.5.1 to 4.7.0, 5.0.0 to 5.1.0, and 5.5.0 and later that addresses these vulnerabilities.
Timeline
Published on: 11/10/2022 22:15:00 UTC
Last modified on: 11/16/2022 15:05:00 UTC