Remote Code Execution Flaw in Ericsson Network Manager
CVE-2022-46408

6.8MEDIUM

Key Information:

Vendor: Ericsson
Status: Network Manager
Vendor: CVE Published:; 29 June 2023

What is CVE-2022-46408?

The application within Ericsson Network Manager contains a significant vulnerability that allows an attacker to exploit improperly handled formula elements in CSV files. This could lead to unauthorized remote code execution or sensitive data exposure via maliciously crafted hyperlinks. To take advantage of this flaw, an attacker would require administrative or elevated access privileges, making it essential for organizations using affected versions to address this issue promptly.

References

https://www.gruppotim.it/it/footer/red-team.html

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2023
Vulnerability Reserved
Dec 4, 2022