Lucene search

K
cveMitreCVE-2022-39818
HistoryDec 25, 2023 - 6:15 a.m.

CVE-2022-39818

2023-12-2506:15:07
CWE-78
mitre
web.nvd.nist.gov
16
nokia
nfm-t
r19.9
os command injection
vulnerability
cve-2022-39818
nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.003

Percentile

68.8%

In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system.

Affected configurations

Nvd
Node
nokianetwork_functions_manager_for_transportMatch19.9
VendorProductVersionCPE
nokianetwork_functions_manager_for_transport19.9cpe:2.3:a:nokia:network_functions_manager_for_transport:19.9:*:*:*:*:*:*:*

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.003

Percentile

68.8%

Related for CVE-2022-39818