Insufficiently Protected Credentials in NOKIA 1350 OMS R14.2
CVE-2022-39816

6.5MEDIUM

Key Information:

Vendor: Nokia
Status: 1350 Optical Management System
Vendor: CVE Published:; 13 September 2022

Summary

In NOKIA 1350 OMS R14.2, a vulnerability exists that allows for insufficiently protected credentials, specifically a cleartext administrator password, to be exposed on the edit configuration page. An authenticated attacker can exploit this weakness, potentially leading to unauthorized access and control over the system.

References

https://www.gruppotim.it/it/footer/red-team.html

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 13, 2022
Vulnerability Reserved
Sep 5, 2022