OS Command Injection in NOKIA NFM-T WebUI
CVE-2022-39818

8.8HIGH

Key Information:

Vendor: Nokia
Status: Network Functions Manager For Transport
Vendor: CVE Published:; 25 December 2023

Summary

The OS Command Injection vulnerability found in NOKIA NFM-T R19.9 allows authenticated users to exploit the /cgi-bin/R19.9/log.pl script through the cmd HTTP GET parameter. This flaw can be exploited to execute arbitrary system commands with root privileges, potentially compromising the integrity and confidentiality of affected systems. Organizations utilizing this product should prioritize applying patches and enhancing security measures to safeguard against such unauthorized command execution.

References

https://www.gruppotim.it/it/footer/red-team.html

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 25, 2023
Vulnerability Reserved
Sep 5, 2022