All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.

AND
     OR
          *cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:* versions up to (including) 4.5.0
     OR
          cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:*
          cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:*
          cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:*
          cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:*
          cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:*
          cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:*
         

OR
     *cpe:2.3:a:etictelecom:remote_access_server:*:*:*:*:*:*:*:* versions up to (including) 4.5.0

ICS-CERT AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

ICS-CERT AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

S-Unclear if Scope change occurs

OR
     *cpe:2.3:a:etictelecom:remote_access_server:*:*:*:*:*:*:*:* versions up to (including) 4.5.0

NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01 No Types Assigned

https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01 Patch, Third Party Advisory, US Government Resource