Absolute Path Traversal in NOKIA 1350OMS Products
CVE-2022-40715

6.5MEDIUM

Key Information:

Vendor: Nokia
Status: 1350 Optical Management System
Vendor: CVE Published:; 19 September 2022

What is CVE-2022-40715?

An Absolute Path Traversal vulnerability in NOKIA 1350OMS R14.2 allows an authenticated remote attacker to access arbitrary files on the filesystem via the logfile parameter. This issue poses serious security risks as it can lead to unauthorized exposure of sensitive information, making systems vulnerable to further exploitation.

References

https://www.gruppotim.it/it/footer/red-team.html

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2022
Vulnerability Reserved
Sep 14, 2022

Nokia

What is CVE-2022-40715?

References

CVSS V3.1

Timeline