Code Injection Vulnerability in Nokia NetAct Administration of Measurements
CVE-2022-28864

8.8HIGH

Key Information:

Vendor: Nokia
Status: Netact
Vendor: CVE Published:; 24 July 2023

Summary

A code injection vulnerability exists in the administration section of Nokia NetAct 22, specifically within the Administration of Measurements feature. A malicious actor can manipulate the templateName parameter to insert harmful code. This malicious payload can then be downloaded as a .csv or .xlsx file, which, when executed on an unsuspecting user's machine, can lead to unauthorized actions. This vulnerability underscores the importance of securing input fields against manipulation to prevent such exploits.

References

https://www.telecomitalia.com/tit/it/innovazione/cybersec...

https://www.gruppotim.it/it/footer/red-team.html

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 24, 2023
Vulnerability Reserved
Apr 8, 2022