ETIC Telecom Remote Access Server (RAS) (Update B)
Plan Patch7.6ICS-CERT ICSA-22-307-01Nov 3, 2022
Attack VectorAdjacent
Auth RequiredHigh
ComplexityHigh
User InteractionNone needed
Summary
ETIC Telecom RAS contains multiple vulnerabilities affecting firmware integrity, configuration file validation, and web authentication. These include: firmware signature verification bypass (CVE-2022-3703), web interface authentication weakness (CVE-2022-41607), arbitrary file upload via configuration (CVE-2022-40981, CVE-2024-26156, CVE-2024-26154, CVE-2024-26155), and an unauthenticated network access issue (CVE-2024-26153). Exploitation could allow an attacker to gain command execution on the RAS device and access connected infrastructure. Patches are available for some vulnerabilities in firmware versions 4.5.0 and 4.7.0 and later; older versions have no fix available and require administrative mitigations.
What this means
What could happen
An attacker with network access to the RAS device could upload malicious firmware, bypass authentication on the web administration interface, or trick administrators into installing compromised firmware, potentially gaining control of remote access infrastructure and compromising connected networks.
Who's at risk
Telecom and industrial organizations running ETIC Telecom RAS (Remote Access Server) for remote management of industrial equipment, network access points, or distributed control systems. This affects any facility using ETIC RAS for secure tunneling to operational networks or critical equipment.
How it could be exploited
An attacker on the local network (or with internet access if the admin interface is exposed) could exploit weak firmware signature verification (CVE-2022-3703), upload malicious configuration files (CVE-2022-40981, CVE-2024-26156, CVE-2024-26154, CVE-2024-26155), or bypass authentication on the web interface (CVE-2022-41607). By uploading crafted firmware or configuration, the attacker gains command execution on the RAS device and access to connected networks.
Prerequisites
- Network access to the RAS web administration interface on port 443 (HTTPS)
- For firmware attacks: ability to host a malicious firmware package or trick administrator into downloading from attacker-controlled source
- For configuration upload: access to the administration web interface (may require credentials depending on version)
- Default or weak authentication credentials if enabled
No vendor patch available for firmware versions below 4.5.0Multiple related vulnerabilities (6 CVEs) with overlapping exploitation pathsAffects critical remote access infrastructureWeak firmware integrity verification in older versionsAuthentication bypass possible on older firmware
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (2)
2 with fix
ProductAffected VersionsFix Status
ETIC Telecom RAS: <4.5.0<4.5.04.9.19 or later (CVE-2024-26153); 4.7.0 or later (CVE-2022-3703, CVE-2022-41607, CVE-2022-40981); 4.5.0 or later (CVE-2024-26157, CVE-2024-26156, CVE-2024-26154, CVE-2024-26155)
ETIC Telecom RAS: <4.11.0<4.11.04.9.19 or later (CVE-2024-26153); 4.7.0 or later (CVE-2022-3703, CVE-2022-41607, CVE-2022-40981); 4.5.0 or later (CVE-2024-26157, CVE-2024-26156, CVE-2024-26154, CVE-2024-26155)
Remediation & Mitigation
0/6
Do now
0/3WORKAROUNDRestrict RAS web administration interface to LAN-side access only; disable internet-facing admin access
WORKAROUNDRequire strong authentication (non-default credentials, complex passwords) on the RAS web administration interface
WORKAROUNDFor firmware versions prior to 4.7.0, manually verify downloaded firmware files against published hashes from ETIC Telecom's official website before installation
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HOTFIXUpdate ETIC Telecom RAS firmware to version 4.9.19 or later (addresses CVE-2024-26153); version 4.7.0 or later (addresses CVE-2022-3703, CVE-2022-41607, CVE-2022-40981); version 4.5.0 or later (addresses CVE-2024-26157, CVE-2024-26156, CVE-2024-26154, CVE-2024-26155)
HARDENINGEnforce HTTPS-only access to the RAS administration web interface; disable HTTP
Long-term hardening
0/1HARDENINGPlace RAS device behind a firewall; isolate remote access infrastructure from business networks and the internet
CVEs (8)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/3d0edb97-a1b7-40ae-aa90-784051886c26