Vulnerability in Export Function of Application Log Could Lead to Code Execution or Information Disclosure

CVE-2024-25007

7.1 HIGH

Key Information

Vendor
Ericsson
Status
Ericsson Network Manager
Vendor
CVE Published:
4 April 2024

Badges

📰 News Worthy

Summary

Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of the application log, where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. An attacker on the adjacent network with administration access can exploit the vulnerability.
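One way to neutralize formula elements when exporting log entries to CSV, shown as an added example that is not Ericsson's code or fix. The function names, column names and log entries are constructed for illustration, and the check is deliberately conservative (it also prefixes values such as negative numbers).

```python
import csv
import io

# Leading characters that make a spreadsheet evaluate a cell as a formula
# (the "formula elements" of CWE-1236).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

COLUMNS = ["timestamp", "user", "message"]  # assumed log schema

# Constructed sample log entries; the second carries a formula-looking value.
SAMPLE_LOG = [
    {"timestamp": "2024-04-04T10:15:00Z", "user": "operator1",
     "message": "Node sync completed"},
    {"timestamp": "2024-04-04T10:16:12Z", "user": "admin",
     "message": "=SUM(A1:A2)"},
    {"timestamp": "2024-04-04T10:17:30Z", "user": "admin",
     "message": 'note with "quotes", comma'},
]


def neutralize_cell(value):
    """Return value as text a spreadsheet will display, not evaluate."""
    text = "" if value is None else str(value)
    # Look past leading spaces as well, since some importers trim them.
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS):
        # A leading apostrophe marks the cell as plain text.
        return "'" + text
    return text


def export_log_csv(entries, columns):
    """Serialize log entries to CSV with every cell neutralized and quoted."""
    buf = io.StringIO()
    # QUOTE_ALL wraps every field and doubles embedded quotes, so separators
    # inside a value cannot start a new cell.
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\r\n")
    writer.writerow(columns)
    for entry in entries:
        writer.writerow([neutralize_cell(entry.get(col)) for col in columns])
    return buf.getvalue()


if __name__ == "__main__":
    print(export_log_csv(SAMPLE_LOG, COLUMNS))
```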

Affected Version(s)

Ericsson Network Manager < 23.1

News Articles

TIM Red Team Research Discovers a CSV Injection Bug in Ericsson Network Manager (ENM)

TIM's bug research lab, the Red Team Research, finds a bug in the Ericsson Network Manager (ENM) product and Ericsson issues a bulletin.

8 months ago

References

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • First article discovered by Red Hot Cyber

  • Vulnerability published

Collectors

NVD Database, Mitre Database, 1 News Article(s)

Credit

Ericsson thanks Luca Borzacchiello, Andrea Carlo Maria Dattola, Massimiliano Ferraresi, Massimiliano Brolli of TIM Security Red Team Research, TIM S.p.A. for reporting this issue.