Lucene search

ERICCVELIST:CVE-2024-25007

HistoryApr 04, 2024 - 6:25 p.m.

CVE-2024-25007 Ericsson Network Manager - Improper Neutralization of Formula Elements Vulnerability

2024-04-0418:25:21

CWE-1236

ERIC

www.cve.org

cve-2024-25007

ericsson network manager

improper neutralization

formula elements

csv file

code execution

information disclosure

integrity

availability

CVSS3

7.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L

AI Score

7.2

Confidence

High

EPSS

Percentile

9.0%

JSON

Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The attacker on the adjacent network with administration access can exploit the vulnerability.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Ericsson Network Manager",
    "vendor": "Ericsson",
    "versions": [
      {
        "lessThan": "23.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-network-manager-march-2024

CVSS3

7.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L

AI Score

7.2

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-25007