CVE-2024-26155
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Summary
CVE-2024-26155 is a vulnerability affecting all versions of ETIC Telecom Remote Access Server (RAS) before 4.5.0. The web portal exposes clear text credentials: an attacker who views the portal's HTML code can read them and connect to the ETIC RAS SSH server. The hidden configuration of the web portal does not provide adequate protection against this, potentially enabling unauthorized access and actions on the device. In simpler terms, the ETIC Telecom RAS web portal, which should be hidden, contains clear text credentials that an attacker can access and then use to reach the RAS SSH server and potentially perform various actions on the device. The affected versions of ETIC RAS are those prior to 4.5.0, and upgrading to a newer version is recommended to mitigate this risk.