Improper Access Control Vulnerability in Nokia AirFrame BMC Web GUI
CVE-2022-28866
8.8 HIGH
Summary
The Nokia AirFrame BMC Web GUI contains multiple improper access control vulnerabilities that allow unauthorized users to bypass access controls and gain access to sensitive data and configurations. The issues affect endpoints such as /#settings/* and /api/settings/*. Because user permissions are not properly validated, attackers can view restricted pages and also modify system configurations, potentially leading to denial of service (DoS) conditions. The risk is particularly critical because it compromises the confidentiality, integrity, and availability of the system, and the affected access should be reserved for users with administrative privileges.
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged