{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-26154",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 \nare vulnerable to reflected cross site scripting in the appliance site \nname. The ETIC RAS web server saves the site name and then presents it \nto the administrators in a few different pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ETIC Telecom",
"product": {
"product_data": [
{
"product_name": "Remote Access Server (RAS)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-307-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-307-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-22-307-01",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For versions prior to 4.5.0, to reduce the attack surface, ETIC Telecom \nadvise the user to verify in the router configuration that: (1) The \nadministration web page is accessible only through the LAN side over \nHTTPS, and (2) The administration web page is protected with \nauthentication.\n\n
"
}
],
"value": "For versions prior to 4.5.0, to reduce the attack surface, ETIC Telecom \nadvise the user to verify in the router configuration that: (1) The \nadministration web page is accessible only through the LAN side over \nHTTPS, and (2) The administration web page is protected with \nauthentication."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For all firmware versions 4.5.0 and above, this issue is fixed."
}
],
"value": "For all firmware versions 4.5.0 https://www.etictelecom.com/en/softwares-download/ and above, this issue is fixed."
}
],
"credits": [
{
"lang": "en",
"value": "Haviv Vaizman, Hay Mizrachi, Alik Koldobsky, Ofir Manzur, and Nikolay Sokolik of OTORIO reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}
}