CVE-2022-41607

Name of the Vulnerable Software and Affected Versions ETIC Telecom Remote Access Server (RAS) versions 4.5.0 and prior

Description The application programmable interface (API) of the affected software is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.

Recommendations For versions 4.5.0 and prior, consider restricting access to the API to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the ability to read sensitive files from the server. At the moment, there is no information about a newer version that contains a fix for this vulnerability.