Access Control Vulnerability in Ericsson Network Manager
CVE-2021-28488

6.5 MEDIUM

Key Information:

Vendor: Ericsson
CVE Published: 10 March 2022

What is CVE-2021-28488?

Ericsson Network Manager (ENM) prior to version 21.2 has improper access control. Users within the same AMOS authorization group who hold a highly privileged role can access managed-network data that should have been restricted. Sensitive data intended only for specific individuals can therefore be accessed by users who are not authorized to view it, which raises significant data privacy and security concerns in managed network environments.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
