← volver
CVE-2024-26155

ETIC Telecom Remote Access Server (RAS) Cleartext Transmission of Sensitive Information

CVSS 6.1 MEDIUMEPSS 0.2%CWE-319
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.1EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
17 ene 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS ssh server, which could enable an attacker to perform actions on the device.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
Productos afectados
ETIC Telecom · Remote Access Server (RAS)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.cisa.gov/news-events/ics-advisories/icsa-22-307-01