NVD:CVE-2022-39820
Dec 25, 2023 - 6:15 a.m.

CVE-2022-39820

2023-12-25 06:15:08
CWE-522
web.nvd.nist.gov
network element manager
nokia nfm-t
unprotected storage
credentials
vulnerability
remote user
authenticated
operating system
directory access
cleartext credentials
web portal
pps network elements

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001
Percentile: 35.6%

In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements.

Affected configurations

Nvd
Node: nokia network_functions_manager_for_transport, Match 19.9

Vendor: nokia
Product: network_functions_manager_for_transport
Version: 19.9
CPE: cpe:2.3:a:nokia:network_functions_manager_for_transport:19.9:*:*:*:*:*:*:*

