Cross-Site Request Forgery in Nokia NetAct by Nokia
CVE-2022-30280

8.8HIGH

Key Information:

Vendor: Nokia
Status: Netact
Vendor: CVE Published:; 24 July 2023

Summary

The CSRF vulnerability in Nokia NetAct 22 enables remote attackers to exploit user sessions and create new accounts with arbitrary privileges, including administrative rights. This security flaw arises due to the application's failure to verify CSRF tokens, even when it incorporates them in some requests. Attackers can leverage social engineering tactics to execute unauthorized actions, potentially compromising the integrity of the web application and affecting both regular and administrative users.

References

https://www.telecomitalia.com/tit/it/innovazione/cybersec...

https://www.gruppotim.it/it/footer/red-team.html

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 24, 2023
Vulnerability Reserved
May 4, 2022