CVE-2022-40713

6.5MEDIUM

Key Information:

Vendor: Nokia
Status: 1350 Optical Management System
Vendor: CVE Published:; 19 September 2022

Summary

An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily.

References

https://www.gruppotim.it/it/footer/red-team.html

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 19, 2022
Vulnerability Reserved
Sep 14, 2022

Collectors

NVD DatabaseMitre Database