CVE-2024-26153 HIGH

CVE-2024-26153: ETIC Telecom Remote Access Server (RAS) Cross-Site Request Forgery

Vendor Etic Telecom

Product Remote Access Server (RAS)

Weakness CWE-352 · CSRF

Published January 17, 2025

Last update January 21, 2025

View on NVD All CVEs

CVSS base score

7.4/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

What the vulnerability does

01Description

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19 are vulnerable to cross-site request forgery (CSRF). An external attacker with no access to the device can force the end user into submitting a "setconf" method request, not requiring any CSRF token, which can lead into denial of service on the device.

Key dates

02Disclosure timeline

January 17, 2025 CVE published

January 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-26153 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

CVE-2024-26153: ETIC Telecom Remote Access Server (RAS) Cross-Site Request Forgery

01Description

02Disclosure timeline

03References

04Related CVE