CVE-2024-26155
CVE-2024-26155 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose cleartext credentials in the web portal. An attacker who can access the ETIC RAS web portal can view the HTML code, which is configured to be hidden, and with it connect to the ETIC RAS SSH server, which could enable the attacker to perform actions on the device. EPSS estimates a 0.23% chance of exploitation in the next 30 days.
Description
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS SSH server, which could enable an attacker to perform actions on the device.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Etictelecom | Remote Access Server Firmware | < 4.5.0 |
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-22-307-01 (Third Party Advisory, US Government Resource)
Timeline
- Status: Analyzed
Source: NVD / NIST
