CVE-2024-26154

Published Jan 17, 2025

Last updated a month ago

CVSS medium 4.8

Overview

Description: All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting in the appliance site name. The ETIC RAS web server saves the site name and then presents it to the administrators in a few different pages.
Source: ics-cert@hq.dhs.gov
NVD status: Received

Risk scores

CVSS 4.0

Type: Secondary
Base score: 4.8
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: MEDIUM

CVSS 3.1

Type: Secondary
Base score: 4.8
Impact score: 2.7
Exploitability score: 1.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

ics-cert@hq.dhs.gov: CWE-79

Hype score: Not currently trending

New post from https://t.co/uXvPWJy6tj (CVE-2024-26154 | ETIC Telecom Remote Access Server RAS up to 4.4.x Web Server cross site scripting (icsa-22-307-01)) has been published on https://t.co/DCQxIxAbKv
@WolfgangSesin
17 Jan 2025
8 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes

References