CVE-2024-26153 — HIGH (7.4)

Q: How severe is CVE-2024-26153?

CVE-2024-26153 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-26153?

Check the references section above for vendor advisories and patch information. Affected products include: Etictelecom Remote Access Server Firmware.

Vulnerability Description

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19 are vulnerable to cross-site request forgery (CSRF). An external attacker with no access to the device can force the end user into submitting a "setconf" method request, not requiring any CSRF token, which can lead into denial of service on the device.

CVSS Score

7.4

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Etictelecom	Remote Access Server Firmware	< 4.9.19

Related Weaknesses (CWE)

CWE-352

References

https://www.cisa.gov/news-events/ics-advisories/icsa-22-307-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2024-26153?

CVE-2024-26153 is a vulnerability with a CVSS score of 7.4 (HIGH). All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19 are vulnerable to cross-site request forgery (CSRF). An external attacker with no access to the device can force the end user ...

How severe is CVE-2024-26153?

CVE-2024-26153 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-26153?

Check the references section above for vendor advisories and patch information. Affected products include: Etictelecom Remote Access Server Firmware.