History: Sep 14, 2023 - 3:15 p.m.

CVE-2021-28485

2023-09-14 15:15:07
CWE-22
mitre
web.nvd.nist.gov
18
ericsson
msc-s
is 3.1
cp22
relative path traversal
web application
security vulnerability

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score: 4.6
Confidence: High

EPSS: 0.001
Percentile: 28.2%

In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the HTTPS request after authentication, which allows access to files on the system that are not intended to be accessible via the web application.

Affected configurations

Nvd

Node
ericsson mobile_switching_center_server_bc_18a, Match: -
AND
ericsson mobile_switching_center_server_bc_18a_firmware, Range: is_3.1 to is_3.1_cp22

| Vendor | Product | Version | CPE |
|---|---|---|---|
| ericsson | mobile_switching_center_server_bc_18a | - | cpe:2.3:h:ericsson:mobile_switching_center_server_bc_18a:-:*:*:*:*:*:*:* |
| ericsson | mobile_switching_center_server_bc_18a_firmware | * | cpe:2.3:o:ericsson:mobile_switching_center_server_bc_18a_firmware:*:*:*:*:*:*:*:* |
