CVE-2024-26154: ETIC Telecom Remote Access Server (RAS) Cross-site Scripting
First published: Fri Jan 17 2025(Updated: )
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting in the appliance site name. The ETIC RAS web server saves the site name and then presents it to the administrators in a few different pages.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ETIC Telecom RAS | <4.5.0 | 4.5.0 |
| ETIC Telecom RAS | <4.9.19 | 4.9.19 |
Remedy
For all firmware versions 4.5.0 https://www.etictelecom.com/en/softwares-download/ and above, this issue is fixed.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-26154?
CVE-2024-26154 is categorized as a medium severity vulnerability due to reflected cross-site scripting risks.
How do I fix CVE-2024-26154?
To fix CVE-2024-26154, upgrade to ETIC Telecom RAS version 4.5.0 or later.
Who is affected by CVE-2024-26154?
All versions of ETIC Telecom Remote Access Server prior to 4.5.0 are affected by CVE-2024-26154.
What type of vulnerability is CVE-2024-26154?
CVE-2024-26154 is a reflected cross-site scripting vulnerability.
What are the potential impacts of CVE-2024-26154?
CVE-2024-26154 could allow an attacker to execute arbitrary scripts in the context of the administrator's browser.
- agent/weakness
- agent/title
- agent/remedy
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/event
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- vendor/: etic telecom
- canonical/etic telecom ras