CVE-2024-26154

4.8 MEDIUM

📋 TL;DR

ETIC Telecom Remote Access Server (RAS) versions before 4.5.0 contain a reflected cross-site scripting (XSS) vulnerability in the appliance site name parameter. Attackers can inject malicious scripts that execute when administrators view certain pages, potentially compromising administrative sessions. This affects all ETIC RAS deployments using vulnerable versions.

💻 Affected Systems

Products:
  • ETIC Telecom Remote Access Server (RAS)
Versions: All versions prior to 4.5.0
Operating Systems: Not specified - appliance-based
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the web interface used by administrators to manage the RAS appliance.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Administrator account takeover leading to full system compromise, data theft, or ransomware deployment through session hijacking.

🟠

Likely Case

Session hijacking of administrative accounts, unauthorized configuration changes, or credential theft.

🟢

If Mitigated

Limited impact if administrators use separate accounts with minimal privileges and browsers have XSS protections enabled.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking an administrator into clicking a malicious link containing the XSS payload.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.5.0

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-22-307-01

Restart Required: Yes

Instructions:

1. Download ETIC RAS version 4.5.0 or later from the vendor portal.
2. Back up the current configuration.
3. Apply the update following the vendor documentation.
4. Restart the RAS appliance.
5. Verify that the update was successful.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement web application firewall or proxy filtering to sanitize site name parameter inputs

Browser Security Controls

all

Serve Content Security Policy (CSP) headers for the admin interface and enable XSS protections in the browsers used to access it

🧯 If You Can't Patch

  • Restrict access to the admin interface using network segmentation and firewall rules
  • Implement multi-factor authentication for all administrative accounts

🔍 How to Verify

Check if Vulnerable:

Check the ETIC RAS version in the admin interface. If the version is below 4.5.0, the system is vulnerable.

Check Version:

Log in to the ETIC RAS admin interface and navigate to the System Information page

Verify Fix Applied:

Verify version is 4.5.0 or higher in admin interface and test site name field for XSS sanitization.

📡 Detection & Monitoring

Log Indicators:

  • Unusual site name parameter values containing script tags or JavaScript in web logs
  • Multiple failed login attempts following suspicious site name changes

Network Indicators:

  • HTTP requests containing script tags in site name parameter
  • Unusual outbound connections from admin workstations

SIEM Query:

source="etic_ras_logs" AND (site_name CONTAINS "<script>" OR site_name CONTAINS "javascript:")
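As an added example (not from the advisory or the vendor), a small Python scanner that applies the log indicators above to constructed access-log lines, URL-decoding the query string so encoded payloads are not missed; the parameter name `site_name` and the path `/admin/config` are assumptions, since the advisory does not name them.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample access-log lines (Combined Log Format). The parameter
# name "site_name" and the path "/admin/config" are assumptions.
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Mar/2024:10:01:02 +0000] "GET /admin/config?site_name=Plant-A HTTP/1.1" 200 512
10.0.0.9 - - [12/Mar/2024:10:02:17 +0000] "GET /admin/config?site_name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640
10.0.0.9 - - [12/Mar/2024:10:02:20 +0000] "GET /admin/config?site_name=javascript%3Aalert(1) HTTP/1.1" 200 640
10.0.0.7 - admin [12/Mar/2024:10:03:00 +0000] "GET /admin/config?site_name=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 640
10.0.0.5 - admin [12/Mar/2024:10:04:44 +0000] "POST /admin/login HTTP/1.1" 302 0
"""

# Fields of one Combined Log Format line that the scanner needs.
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Markup-like content in a plain site name: an opening/closing tag, a
# javascript: URL, or an inline event-handler attribute.
SUSPICIOUS = re.compile(r'<\s*/?\s*[a-z]|javascript\s*:|\bon[a-z]+\s*=', re.IGNORECASE)


def scan_log(text, param="site_name"):
    """Return one hit per request whose `param` value looks like script injection."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        # parse_qs decodes once; decoding again catches double-encoded values.
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            decoded = unquote_plus(value)
            if SUSPICIOUS.search(decoded):
                hits.append({"src": m.group("src"), "ts": m.group("ts"), "value": decoded})
    return hits


def sources_by_hit_count(hits):
    """Count hits per source address, most active first (repeat probing stands out)."""
    counts = {}
    for h in hits:
        counts[h["src"]] = counts.get(h["src"], 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f'{h["ts"]} {h["src"]} site_name={h["value"]!r}')
    print(sources_by_hit_count(scan_log(SAMPLE_LOG)))
```

Normal values such as `Plant-A` pass; the three encoded payloads are flagged after decoding, and the per-source count makes the repeat attempts from one address visible.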
