exploitDog

CVE-2024-26155

Опубликовано: 17 янв. 2025

Источник: nvd

CVSS3: 6.8

CVSS3: 8.6

EPSS Низкий

Описание

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS ssh server, which could enable an attacker to perform actions on the device.

Ссылки

https://www.cisa.gov/news-events/ics-advisories/icsa-22-307-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*

Версия до 4.5.0 (исключая)

EPSS

Процентиль: 22%

0.00072

Низкий

6.8 Medium

CVSS3

8.6 High

CVSS3

Дефекты

CWE-319

Связанные уязвимости

GHSA-39g8-rv9x-hwgr

CVSS3: 6.8

github

около 1 года назад

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS ssh server, which could enable an attacker to perform actions on the device.

EPSS

Процентиль: 22%

0.00072

Низкий

6.8 Medium

CVSS3

8.6 High

CVSS3

Дефекты

CWE-319