CVE-2024-26155

Published Jan 17, 2025

Last updated a month ago

CVSS medium 6.1

Overview

Description
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS ssh server, which could enable an attacker to perform actions on the device.
Source
ics-cert@hq.dhs.gov
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
6.1
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Secondary
Base score
6.8
Impact score
4
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

ics-cert@hq.dhs.gov
CWE-319

Social media

Hype score
Not currently trending

  1. CVE-2024-26155 Clear Text Credential Exposure in ETIC Telecom RAS Web Portal https://t.co/waj9sTVjkN Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x

    @VulmonFeeds

    17 Jan 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References