Privilege Escalation Vulnerability in Ericsson Network Manager
CVE-2021-32570

4.9MEDIUM

Key Information:

Vendor: Ericsson
Status: Network Manager
Vendor: CVE Published:; 26 August 2022

What is CVE-2021-32570?

In affected versions of Ericsson Network Manager prior to 21.2, a privilege escalation vulnerability exists that allows users within the same AMOS authorization group to access sensitive log file data. This occurs because highly privileged AMOS users can retrieve information improperly stored in specific log files. As all AMOS users are defined and authorized by the Security Administrator, this vulnerability poses a significant risk by enabling data exposure and the potential for escalated privileges within the ENM system.

References

https://www.ericsson.com

x_refsource_MISC

https://www.gruppotim.it/it/footer/red-team.html

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 26, 2022
Vulnerability Reserved
May 11, 2021