CVE-2024-26157

Summary

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in get view method under view parameter. The ETIC RAS web server uses dynamic pages that get their input from the client side and reflect the input in their response to the client.

Affected Software

VendorProductVersion RangeStatus
ETIC TelecomRemote Access Server (RAS)0 < 4.5.0affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References