XML External Entity Attack in Nokia NetAct Configuration Dashboard
CVE-2023-26057

6.5MEDIUM

Key Information:

Vendor: Nokia
Status: Netact
Vendor: CVE Published:; 25 April 2023

What is CVE-2023-26057?

An XML External Entity (XXE) vulnerability has been identified in Nokia's NetAct product prior to version 22 FP2211. This issue arises due to inadequate input validation and improper configuration of the XML parser on the Configuration Dashboard page. Although the exploitation of this vulnerability is notably challenging for external attackers—who would need to navigate dynamically generated parameters such as Jsession-id, CSRF token, and Nxsrf token—internal users may have a plausible attack vector, making it critical for organizations to secure internal access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://nokia.com

https://www.ptsecurity.com/ww-en/analytics/threatscape/pt...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 25, 2023
Vulnerability Reserved
Feb 19, 2023

JSON

Nokia

What is CVE-2023-26057?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.