Lucene search

[email protected]NVD:CVE-2023-39909

HistoryDec 07, 2023 - 6:15 p.m.

CVE-2023-39909

2023-12-0718:15:07

[email protected]

web.nvd.nist.gov

ericsson

network manager

access control

vulnerability

unauthenticated users

ncm application

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

23.1%

JSON

Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application.

Affected configurations

Nvd

Node

ericssonnetwork_managerRange<23.2

VendorProductVersionCPE
ericssonnetwork_manager*cpe:2.3:a:ericsson:network_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ericsson	network_manager	*	cpe:2.3:a:ericsson:network_manager::::::::

References

www.gruppotim.it/it/footer/red-team.html

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

23.1%

JSON

Related for NVD:CVE-2023-39909

prion1 cvelist1 cve1