ETIC Telecom Remote Access Server Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in all versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0. The issue arises in the appliance site name, which is saved by the ETIC RAS web server and then reflected back to administrators on various pages. This vulnerability allows an attacker to inject malicious scripts that could be executed in the context of the user's browser.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Remediation

ETIC Telecom has released a patch for this vulnerability in version 4.5.0. Users are advised to update to this version or later. For versions prior to 4.5.0, ETIC Telecom recommends ensuring that the administration web page is accessible only through the LAN side over HTTPS and is protected with authentication.