CVE-2024-26156

4.8 MEDIUM

📋 TL;DR

ETIC Telecom Remote Access Server (RAS) versions before 4.5.0 are vulnerable to reflected cross-site scripting (XSS) via the method parameter of the device's web interface. An attacker who gets a user to open a crafted URL can run script in that user's browser in the context of the RAS web interface. Organizations using ETIC RAS for remote access are affected.

💻 Affected Systems

Products:
  • ETIC Telecom Remote Access Server (RAS)
Versions: All versions prior to 4.5.0
Operating Systems: Not specified - likely embedded/network appliance
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the web interface of the RAS device.

📦 What is this software?

ETIC Telecom RAS is a remote access server appliance used to reach systems behind it from outside; the vulnerable component is its web interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies (where they are not flagged HttpOnly), perform actions in the RAS interface as the victim user, or redirect the victim to attacker-controlled pages serving phishing or malicious content.

🟠 Likely Case

Session hijacking leading to unauthorized access to the RAS interface and potentially to the systems reachable through it.

🟢 If Mitigated

Limited impact once the patched version is deployed or, failing that, if the method parameter is filtered at a proxy and a restrictive Content Security Policy is served in front of the device.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS typically requires user interaction (the victim opens a crafted link), but the payload is straightforward to construct. The request that delivers it needs no authentication; the injected script runs with whatever session the victim holds in the RAS web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.5.0

Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-22-307-01 (CISA ICS advisory; consult ETIC Telecom for the vendor's release notes)

Restart Required: Yes

Instructions:

1. Download ETIC RAS version 4.5.0 or later from the vendor.
2. Back up the current configuration.
3. Apply the update following the vendor's instructions.
4. Restart the RAS service or device.
5. Verify that the update completed successfully and that the reported version is 4.5.0 or later.

🔧 Temporary Workarounds

Web Application Firewall (WAF) (applies to: all versions)

Deploy a WAF in front of the RAS web interface with XSS rules covering the method parameter, including URL-encoded and double-encoded payloads.

Input Validation Filter (applies to: all versions)

Implement a reverse proxy or middleware that restricts the method parameter to the values the interface actually uses and rejects anything else.

🧯 If You Can't Patch

  • Isolate ETIC RAS behind a reverse proxy that rejects or sanitizes unexpected values of the method parameter.
  • Serve strict Content Security Policy headers from that proxy (the appliance itself cannot be changed); CSP limits what injected script can do but does not remove the injection.
  • Restrict access to the RAS web interface to trusted networks or a VPN, and remind administrators not to follow unsolicited links to the interface.

🔍 How to Verify

Check if Vulnerable:

Against a test instance you are authorized to assess, request the vulnerable page with a harmless canary in the method parameter (for example "><x1234>) and inspect the response. If the canary appears verbatim in the HTML, the parameter is reflected without encoding and the device is vulnerable; if it appears as &quot;&gt;&lt;x1234&gt;, output encoding is in place. The classic <script>alert('XSS')</script> probe works too, but a canary avoids tripping WAF rules and executes nothing.

Check Version:

Check web interface or administrative console for version information (typically in About or Status page).

Verify Fix Applied:

After patching, repeat the test: the canary must appear HTML-encoded (or not at all), and the reported version must be 4.5.0 or later.
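The three verification steps above can be driven by a small script. The following is an added example for this page, not ETIC Telecom's code: it sends a random canary in the method parameter and classifies how the response reflects it. The endpoint path is an assumption (the advisory names only the parameter), so point it at the page of your own test instance that reflects the value, and run it only against systems you are authorized to test.

```python
"""Reflected-XSS reflection check for one query parameter.

Added example for this page, not ETIC Telecom's code. The endpoint path is
an assumption (the advisory only names the parameter, "method"); point the
script at the page of your own RAS test instance that reflects it. Use only
against systems you are authorised to test.
"""
import html
import secrets
import sys
import urllib.parse
import urllib.request

PARAM = "method"  # parameter named in the advisory


def canary_for(token: str) -> str:
    # Contains the characters an HTML encoder must neutralise (", >, <) but
    # defines no element and runs nothing even if reflected verbatim.
    return f'"><x{token}>'


def classify(body: str, canary: str) -> str:
    """Classify how the canary came back in the response body.

    'unencoded' : verbatim canary present -> reflected without encoding (vulnerable)
    'encoded'   : only the HTML-escaped form is present -> output encoding in place
    'absent'    : the value is not reflected on this page at all
    """
    if canary in body:
        return "unencoded"
    if html.escape(canary, quote=True) in body:
        return "encoded"
    return "absent"


def check_url(base_url: str, timeout: float = 10.0) -> tuple[str, str]:
    """Send the canary in PARAM and return (verdict, canary used)."""
    canary = canary_for(secrets.token_hex(4))
    sep = "&" if "?" in base_url else "?"
    url = base_url + sep + urllib.parse.urlencode({PARAM: canary})
    # Appliances often present self-signed TLS certificates; if so, pass an
    # ssl context that trusts that certificate rather than disabling checks.
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        body = resp.read().decode(charset, "replace")
    return classify(body, canary), canary


# Constructed responses standing in for an unpatched and a patched device,
# so the classifier can be exercised offline.
_CANARY = canary_for("deadbeef")
SAMPLE_RESPONSES = {
    "unpatched": f'<input name="method" value="{_CANARY}">',
    "patched": '<input name="method" value="&quot;&gt;&lt;xdeadbeef&gt;">',
    "no_reflection": "<p>Status page</p>",
}


def demo() -> dict[str, str]:
    return {name: classify(body, _CANARY) for name, body in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        verdict, canary = check_url(sys.argv[1])
        print(f"{PARAM}={canary!r} -> {verdict}")
    else:
        for name, verdict in demo().items():
            print(f"{name}: {verdict}")
```

Run it with the URL of the reflecting page as the only argument; with no argument it classifies the constructed sample responses. Only the "unencoded" verdict indicates the vulnerable behaviour; "absent" means the page you chose does not reflect the parameter, not that the device is fixed.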

📡 Detection & Monitoring

Log Indicators:

  • Unusually long or script-like strings in the method parameter (many appliances do not log query strings, so capture them at a reverse proxy or WAF in front of the device)
  • Repeated probes of the method parameter from the same client, including URL-encoded and double-encoded variants

Network Indicators:

  • HTTP requests containing script tags in method parameter
  • Unusual redirects from RAS interface

SIEM Query:

source="etic_ras" AND (method="*<script*" OR method="*%3Cscript*" OR method="*javascript:*" OR method="*onerror=*")

(Assumes the log source exposes the query parameter as a field named method; adjust the source and field names to your parser.)
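Where the SIEM does not already parse query parameters, the same detection can be done over raw access logs. This is an added example for this page, not ETIC Telecom's code: it assumes Combined Log Format lines that include the query string (from the RAS itself or a proxy in front of it), decodes repeated percent-encoding so double-encoded probes are not missed, and flags method values that carry markup or script hints. The log lines are constructed samples and the patterns are a starting heuristic to tune against the legitimate values the interface uses.

```python
"""Flag script-like values of the "method" query parameter in web access logs.

Added example for this page, not ETIC Telecom's code. It assumes the RAS web
interface (or a reverse proxy in front of it) writes Combined Log Format
lines that include the query string; the log lines below are constructed
samples. The patterns are a starting heuristic and will need tuning to the
legitimate values the interface uses for "method".
"""
import re
import urllib.parse
from collections import Counter
from typing import NamedTuple, Optional

PARAM = "method"

# Combined Log Format prefix: client, ident, user, [timestamp], "VERB URI HTTP/x", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<verb>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Markup or script hints after decoding: a tag start, a javascript: URL,
# an on*= event handler, or an HTML character reference.
XSS_RE = re.compile(r'(<\s*/?\s*[a-z]|javascript\s*:|\bon[a-z]+\s*=|&#x?[0-9a-f]+;)', re.I)


class Hit(NamedTuple):
    ip: str
    ts: str
    status: str
    value: str  # fully decoded parameter value


def decode_fully(value: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding; attackers double-encode to evade filters."""
    for _ in range(rounds):
        decoded = urllib.parse.unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_line(line: str) -> Optional[Hit]:
    m = LOG_RE.match(line)
    if not m:
        return None
    query = urllib.parse.urlsplit(m["uri"]).query
    # parse_qsl decodes one layer; decode_fully handles any further layers.
    for key, raw in urllib.parse.parse_qsl(query, keep_blank_values=True):
        if key != PARAM:
            continue
        value = decode_fully(raw)
        if XSS_RE.search(value):
            return Hit(m["ip"], m["ts"], m["status"], value)
    return None


def scan(lines) -> list[Hit]:
    return [hit for hit in map(scan_line, lines) if hit is not None]


def hits_by_source(hits: list[Hit]) -> dict[str, int]:
    """Repeated probes from one client are the 'multiple attempts' indicator."""
    return dict(Counter(h.ip for h in hits))


# Constructed sample lines: one benign request, three probes (plain,
# double-encoded, javascript: URL) and one request with no query string.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /index.html?method=status HTTP/1.1" 200 512
203.0.113.7 - - [12/Mar/2024:10:01:09 +0000] "GET /index.html?method=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 734
203.0.113.7 - - [12/Mar/2024:10:01:15 +0000] "GET /index.html?method=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 740
198.51.100.2 - - [12/Mar/2024:10:02:00 +0000] "GET /index.html?method=javascript%3Aalert(document.cookie) HTTP/1.1" 200 700
10.0.0.9 - - [12/Mar/2024:10:03:00 +0000] "POST /login HTTP/1.1" 302 0
"""

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f"{h.ts} {h.ip} status={h.status} {PARAM}={h.value!r}")
    print("hits per source:", hits_by_source(hits))
```

The double-encoded line is the one a single-pass filter misses: after one decode it still reads %3Cimg%20src%3Dx..., and only the second pass exposes the img tag with its onerror handler. A 200 status on a flagged request does not by itself mean the probe succeeded, since a patched device also returns the page, only with the value encoded; pair this with the verification check above when triaging.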
